Search
Find a vulnerability
Search criteria
12 vulnerabilities by meteocontrol
VAR-201703-0231
Vulnerability from variot - Updated: 2025-04-20 23:13A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. plural Meteocontrol WEB'log The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Meteocontrol WEB'log is a SCADA system from Meteocontrol, Germany, which provides different energy and power configuration management functions based on the Web using different connection (energy/industrial) equipment. A cross-site request forgery vulnerability exists in several Meteocontrol WEB'log products. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0231",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblog",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "weblog",
"version": null
},
{
"model": "web\u0027log basic 100",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log light",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro unlimited",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log",
"scope": null,
"trust": 0.6,
"vendor": "meteocontrol",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_basic_100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro_unlimited",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03358",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "57149dcc-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4504",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4504",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4504",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-03358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. plural Meteocontrol WEB\u0027log The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Meteocontrol WEB\u0027log is a SCADA system from Meteocontrol, Germany, which provides different energy and power configuration management functions based on the Web using different connection (energy/industrial) equipment. A cross-site request forgery vulnerability exists in several Meteocontrol WEB\u0027log products. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4504",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-133-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03358",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063",
"trust": 0.8
},
{
"db": "IVD",
"id": "57149DCC-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"id": "VAR-201703-0231",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
}
],
"trust": 1.657142865
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
}
]
},
"last_update_date": "2025-04-20T23:13:26.276000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB\u0027LOG",
"trust": 0.8,
"url": "https://www.meteocontrol.com/en/industrial-line/data-logger-weblogs/weblog/"
},
{
"title": "Patches for multiple Meteocontrol WEB\u0027log products across site request forgery vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76083"
},
{
"title": "Multiple Meteocontrol WEB\u0027log Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61744"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-133-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4504"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4504"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"date": "2017-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"date": "2017-03-21T16:59:00.163000",
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"date": "2017-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"date": "2017-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Meteocontrol WEB\u0027log Product cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
}
}
VAR-201605-0032
Vulnerability from variot - Updated: 2025-04-13 23:09Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. plural meteocontrol WEB'log The product contains a vulnerability that allows it to obtain important plaintext information.A third party may obtain important plaintext information. Meteocontrol WEB'log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web\\\u0027log pro unlimited",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log light",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log pro",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log basic 100",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log light",
"scope": null,
"trust": 1.4,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic 100",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro unlimited",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic",
"scope": "eq",
"trust": 0.6,
"vendor": "meteocontrol",
"version": "100"
},
{
"model": "web\u0027log propro unlimited",
"scope": null,
"trust": 0.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log basic 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log light",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro unlimited",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_basic_100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro_unlimited",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "90629"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03190",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "553312ae-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2298",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2298",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2298",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03190",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-375",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors. plural meteocontrol WEB\u0027log The product contains a vulnerability that allows it to obtain important plaintext information.A third party may obtain important plaintext information. Meteocontrol WEB\u0027log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB\u0027log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2298"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "BID",
"id": "90629"
},
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2298",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-133-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03190",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744",
"trust": 0.8
},
{
"db": "BID",
"id": "90629",
"trust": 0.3
},
{
"db": "IVD",
"id": "553312AE-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "BID",
"id": "90629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"id": "VAR-201605-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
}
],
"trust": 1.70476191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
}
]
},
"last_update_date": "2025-04-13T23:09:36.032000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB\u0027LOG",
"trust": 0.8,
"url": "http://www.meteocontrol.com/en/industrial-line/data-logger-weblogs/weblog/"
},
{
"title": "DOWNLOADS",
"trust": 0.8,
"url": "http://us.meteocontrol.com/downloads/"
},
{
"title": "Patch for Meteocontrol WEB\u0027log Information Disclosure Vulnerability (CNVD-2016-03190)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75959"
},
{
"title": "Meteocontrol WEB\u0027log Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61693"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-133-01"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2016/may/52"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2298"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2298"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"db": "BID",
"id": "90629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "553312ae-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90629"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"date": "2016-05-14T16:59:04.243000",
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03190"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90629"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002744"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-375"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2298"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural meteocontrol WEB\u0027log Vulnerabilities in which important plaintext information is obtained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002744"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-375"
}
],
"trust": 0.6
}
}
VAR-201605-0031
Vulnerability from variot - Updated: 2025-04-13 23:09Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature.". Meteocontrol WEB'log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to a remote command-execution vulnerability. An attacker can execute arbitrary system commands within the context of the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web\\\u0027log pro unlimited",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log light",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log pro",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log basic 100",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log light",
"scope": null,
"trust": 1.4,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic 100",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro unlimited",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic",
"scope": "eq",
"trust": 0.6,
"vendor": "meteocontrol",
"version": "100"
},
{
"model": "web\u0027log propro unlimited",
"scope": null,
"trust": 0.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log basic 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log light",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro unlimited",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_basic_100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro_unlimited",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "90632"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2297",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2297",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03196",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "55321782-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2297",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2297",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2297",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03196",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-374",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\". Meteocontrol WEB\u0027log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB\u0027log products are prone to a remote command-execution vulnerability. \nAn attacker can execute arbitrary system commands within the context of the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2297"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "BID",
"id": "90632"
},
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2297",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-133-01",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2016-03196",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743",
"trust": 0.8
},
{
"db": "BID",
"id": "90632",
"trust": 0.3
},
{
"db": "IVD",
"id": "55321782-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "BID",
"id": "90632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"id": "VAR-201605-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
}
],
"trust": 1.70476191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
}
]
},
"last_update_date": "2025-04-13T23:09:35.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB\u0027LOG",
"trust": 0.8,
"url": "http://www.meteocontrol.com/en/industrial-line/data-logger-weblogs/weblog/"
},
{
"title": "DOWNLOADS",
"trust": 0.8,
"url": "http://us.meteocontrol.com/downloads/"
},
{
"title": "Meteocontrol WEB\u0027log patch for arbitrary command execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75961"
},
{
"title": "Meteocontrol WEB\u0027log Fixes for arbitrary command execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61692"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-133-01"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2016/may/52"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2297"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2297"
},
{
"trust": 0.3,
"url": "http://www.meteocontrol.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "BID",
"id": "90632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "BID",
"id": "90632"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90632"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"date": "2016-05-14T16:59:03.227000",
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"date": "2016-07-06T14:41:00",
"db": "BID",
"id": "90632"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002743"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-374"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meteocontrol WEB\u0027log Arbitrary command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "55321782-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03196"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-374"
}
],
"trust": 0.6
}
}
VAR-201605-0030
Vulnerability from variot - Updated: 2025-04-13 23:09Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. plural meteocontrol WEB'log Products, "post-admin" There is a vulnerability in which important information is obtained or data is changed because the login page is not required to be authenticated. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlA third party may obtain important information or change data. Meteocontrol WEB'log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB'log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0030",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web\\\u0027log pro unlimited",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log light",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log pro",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\\\u0027log basic 100",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log light",
"scope": null,
"trust": 1.4,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic 100",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro unlimited",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log basic",
"scope": "eq",
"trust": 0.6,
"vendor": "meteocontrol",
"version": "100"
},
{
"model": "web\u0027log propro unlimited",
"scope": null,
"trust": 0.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log basic 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log light",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "web log pro unlimited",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_basic_100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro_unlimited",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "90638"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2296",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2296",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03195",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5531494c-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2296",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2296",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2296",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-373",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for \"post-admin\" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. plural meteocontrol WEB\u0027log Products, \"post-admin\" There is a vulnerability in which important information is obtained or data is changed because the login page is not required to be authenticated. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlA third party may obtain important information or change data. Meteocontrol WEB\u0027log is a SCADA system based on the Web that uses different connected devices to provide energy and power configuration management functions. Multiple Meteocontrol WEB\u0027log products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2296"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "BID",
"id": "90638"
},
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2296",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-133-01",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "39822",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742",
"trust": 0.8
},
{
"db": "BID",
"id": "90638",
"trust": 0.3
},
{
"db": "IVD",
"id": "5531494C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "BID",
"id": "90638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"id": "VAR-201605-0030",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
}
],
"trust": 1.70476191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
}
]
},
"last_update_date": "2025-04-13T23:09:35.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB\u0027LOG",
"trust": 0.8,
"url": "http://www.meteocontrol.com/en/industrial-line/data-logger-weblogs/weblog/"
},
{
"title": "DOWNLOADS",
"trust": 0.8,
"url": "http://us.meteocontrol.com/downloads/"
},
{
"title": "Meteocontrol WEB\u0027log patch for information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/75960"
},
{
"title": "Meteocontrol WEB\u0027log Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61691"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-133-01"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2016/may/52"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2296"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2296"
},
{
"trust": 0.3,
"url": "http://www.meteocontrol.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "BID",
"id": "90638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "BID",
"id": "90638"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90638"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"date": "2016-05-14T16:59:02.227000",
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"date": "2016-07-06T14:41:00",
"db": "BID",
"id": "90638"
},
{
"date": "2016-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002742"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-373"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Meteocontrol WEB\u0027log Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5531494c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03195"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-373"
}
],
"trust": 0.6
}
}
CVE-2016-4504 (GCVE-0-2016-4504)
Vulnerability from nvd – Published: 2017-03-21 16:00 – Updated: 2024-08-06 00:32
VLAI
Summary
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
Severity
No CVSS data available.
CWE
- CSRF
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Meteocontrol WEB'log |
Affected:
Meteocontrol WEB'log
|
Date Public
2017-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Meteocontrol WEB\u0027log",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Meteocontrol WEB\u0027log"
}
]
}
],
"datePublic": "2017-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-21T15:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Meteocontrol WEB\u0027log",
"version": {
"version_data": [
{
"version_value": "Meteocontrol WEB\u0027log"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4504",
"datePublished": "2017-03-21T16:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2298 (GCVE-0-2016-2298)
Vulnerability from nvd – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2298",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2297 (GCVE-0-2016-2297)
Vulnerability from nvd – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2297",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2296 (GCVE-0-2016-2296)
Vulnerability from nvd – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://www.exploit-db.com/exploits/39822/ | exploitx_refsource_EXPLOIT-DB |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for \"post-admin\" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-06T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for \"post-admin\" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2296",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4504 (GCVE-0-2016-4504)
Vulnerability from cvelistv5 – Published: 2017-03-21 16:00 – Updated: 2024-08-06 00:32
VLAI
Summary
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
Severity
No CVSS data available.
CWE
- CSRF
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Meteocontrol WEB'log |
Affected:
Meteocontrol WEB'log
|
Date Public
2017-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Meteocontrol WEB\u0027log",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Meteocontrol WEB\u0027log"
}
]
}
],
"datePublic": "2017-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-21T15:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Meteocontrol WEB\u0027log",
"version": {
"version_data": [
{
"version_value": "Meteocontrol WEB\u0027log"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4504",
"datePublished": "2017-03-21T16:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2298 (GCVE-0-2016-2298)
Vulnerability from cvelistv5 – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2298",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2296 (GCVE-0-2016-2296)
Vulnerability from cvelistv5 – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://www.exploit-db.com/exploits/39822/ | exploitx_refsource_EXPLOIT-DB |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for \"post-admin\" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-06T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for \"post-admin\" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "39822",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39822/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2296",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2297 (GCVE-0-2016-2297)
Vulnerability from cvelistv5 – Published: 2016-05-14 16:00 – Updated: 2024-08-05 23:24
VLAI
Summary
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2016/May/52 | mailing-listx_refsource_FULLDISC |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01 | x_refsource_MISC |
Date Public
2016-05-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meteocontrol WEB\u0027log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an \"access command shell-like feature.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160517 [ICS] Meteocontrol WEB\u0027log Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/May/52"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2297",
"datePublished": "2016-05-14T16:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}