Find a vulnerability
Search criteria
8 vulnerabilities by scada
CVE-2025-4216 (GCVE-0-2025-4216)
Vulnerability from nvd – Published: 2025-06-14 08:23 – Updated: 2026-04-08 16:40- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| scada | DIOT SCADA with MQTT |
Affected:
0 , ≤ 1.0.5.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:46:05.363497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:39:45.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIOT SCADA with MQTT",
"vendor": "scada",
"versions": [
{
"lessThanOrEqual": "1.0.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gilang Asra Bilhadi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027diot\u0027 shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:40:31.391Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-13T19:42:24.000Z",
"value": "Disclosed"
}
],
"title": "DIOT SCADA with MQTT \u003c= 1.0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4216",
"datePublished": "2025-06-14T08:23:22.614Z",
"dateReserved": "2025-05-02T12:53:43.180Z",
"dateUpdated": "2026-04-08T16:40:31.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4216 (GCVE-0-2025-4216)
Vulnerability from cvelistv5 – Published: 2025-06-14 08:23 – Updated: 2026-04-08 16:40- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| scada | DIOT SCADA with MQTT |
Affected:
0 , ≤ 1.0.5.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-16T16:46:05.363497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T18:39:45.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIOT SCADA with MQTT",
"vendor": "scada",
"versions": [
{
"lessThanOrEqual": "1.0.5.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gilang Asra Bilhadi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027diot\u0027 shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:40:31.391Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf23d79-5bd3-4224-835d-174653ddd504?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ecava-diot-scada/trunk/includes/shortcodes.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-13T19:42:24.000Z",
"value": "Disclosed"
}
],
"title": "DIOT SCADA with MQTT \u003c= 1.0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-4216",
"datePublished": "2025-06-14T08:23:22.614Z",
"dateReserved": "2025-05-02T12:53:43.180Z",
"dateUpdated": "2026-04-08T16:40:31.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201708-1408
Vulnerability from variot - Updated: 2025-04-20 23:32An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. SIMPlight SCADA The software contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SIMPlight SCADA is a building management system and automation equipment software. SIMPlight SCADA Software is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. SIMPlight SCADA Software 4.3.0.27 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada",
"scope": "lte",
"trust": 1.8,
"vendor": "simplight",
"version": "4.3.0.27"
},
{
"model": "scada software",
"scope": "lte",
"trust": 0.6,
"vendor": "simplight",
"version": "\u003c=4.3.0.27"
},
{
"model": "scada",
"scope": "eq",
"trust": 0.6,
"vendor": "simplight",
"version": "4.3.0.27"
},
{
"model": "scada software",
"scope": "eq",
"trust": 0.3,
"vendor": "simplight",
"version": "4.3.0.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "BID",
"id": "100263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:simplight:scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "100263"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2017-9661",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-22811",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2017-9661",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-22811",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-576",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. SIMPlight SCADA The software contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SIMPlight SCADA is a building management system and automation equipment software. SIMPlight SCADA Software is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nA local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. \nSIMPlight SCADA Software 4.3.0.27 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9661"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "BID",
"id": "100263"
},
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9661",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-222-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100263",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22811",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "37418",
"trust": 0.6
},
{
"db": "IVD",
"id": "3E61F582-EA7A-474A-A72F-C8EC0D1BD8FF",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "BID",
"id": "100263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"id": "VAR-201708-1408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
}
]
},
"last_update_date": "2025-04-20T23:32:51.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://simplight.ru/"
},
{
"title": "SIMPlight SCADA Software DLL loads patches for native code execution vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-222-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9661"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/100263"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9661"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/37418"
},
{
"trust": 0.3,
"url": "https://simplight.ru"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "BID",
"id": "100263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"db": "BID",
"id": "100263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100263"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"date": "2017-08-14T16:29:00.380000",
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22811"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100263"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007181"
},
{
"date": "2017-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-576"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMPlight SCADA Software DLL Load Local Code Execution Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3e61f582-ea7a-474a-a72f-c8ec0d1bd8ff"
},
{
"db": "CNVD",
"id": "CNVD-2017-22811"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-576"
}
],
"trust": 0.6
}
}
VAR-201102-0181
Vulnerability from variot - Updated: 2025-04-11 23:04Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message. This vulnerability WTclient.dll Due to the library. SCADA is the data acquisition and monitoring control system. BACnet OPC Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. ----------------------------------------------------------------------
Windows Applications Insecure Library Loading
The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/
The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected.
TITLE: SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA41466
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41466/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41466
RELEASE DATE: 2010-09-18
DISCUSS ADVISORY: http://secunia.com/advisories/41466/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/41466/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=41466
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been discovered in SCADA Engine BACnet OPC Client, which can be exploited by malicious people to compromise a user's system. tricking a user into opening a specially crafted *.csv file.
The vulnerability is confirmed in version 1.0.24. Other versions may also be affected.
SOLUTION: Do not open untrusted files.
PROVIDED AND/OR DISCOVERED BY: Jeremy Brown
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201102-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "engine bacnet opc client",
"scope": "eq",
"trust": 1.0,
"vendor": "scada",
"version": "1.0.24"
},
{
"model": "bacnet opc client",
"scope": "lte",
"trust": 1.0,
"vendor": "scadaengine",
"version": "1.0.24"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "scada engine",
"version": null
},
{
"model": "bacnet opc client",
"scope": "eq",
"trust": 0.8,
"vendor": "scada engine",
"version": "version 1.0.24"
},
{
"model": "bacnet opc client",
"scope": "eq",
"trust": 0.6,
"vendor": "scadaengine",
"version": "1.0.24"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:scadaengine:bacnet_opc_client",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeremy Brown",
"sources": [
{
"db": "BID",
"id": "43289"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
}
],
"trust": 0.9
},
"cve": "CVE-2010-4740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-4740",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-4740",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#660688",
"trust": 0.8,
"value": "3.22"
},
{
"author": "NVD",
"id": "CVE-2010-4740",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201102-232",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message. This vulnerability WTclient.dll Due to the library. SCADA is the data acquisition and monitoring control system. BACnet OPC Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. ----------------------------------------------------------------------\n\n\nWindows Applications Insecure Library Loading\n\nThe Official, Verified Secunia List:\nhttp://secunia.com/advisories/windows_insecure_library_loading/\n\nThe list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. \n\n\n----------------------------------------------------------------------\n\nTITLE:\nSCADA Engine BACnet OPC Client Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA41466\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/41466/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41466\n\nRELEASE DATE:\n2010-09-18\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/41466/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/41466/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41466\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been discovered in SCADA Engine BACnet OPC\nClient, which can be exploited by malicious people to compromise a\nuser\u0027s system. tricking a user into opening a\nspecially crafted *.csv file. \n\nThe vulnerability is confirmed in version 1.0.24. Other versions may\nalso be affected. \n\nSOLUTION:\nDo not open untrusted files. \n\nPROVIDED AND/OR DISCOVERED BY:\nJeremy Brown\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4740"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "BID",
"id": "43289"
},
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "93978"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "41466",
"trust": 3.9
},
{
"db": "BID",
"id": "43289",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-10-264-01",
"trust": 3.2
},
{
"db": "CERT/CC",
"id": "VU#660688",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2010-4740",
"trust": 2.7
},
{
"db": "CNVD",
"id": "CNVD-2010-2060",
"trust": 1.0
},
{
"db": "SREASON",
"id": "8083",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7A45C1-463F-11E9-BBB9-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "8CB14B48-1FAE-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "93978",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "BID",
"id": "43289"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "PACKETSTORM",
"id": "93978"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"id": "VAR-201102-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
}
],
"trust": 1.84375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
}
]
},
"last_update_date": "2025-04-11T23:04:23.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Distributors",
"trust": 0.8,
"url": "http://www.scadaengine.com/distributor.html"
},
{
"title": "SCADA Engine - Downloads",
"trust": 0.8,
"url": "http://www.scadaengine.com/downloads.html"
},
{
"title": "SCADA Engine - Home",
"trust": 0.8,
"url": "http://www.scadaengine.com/index.html"
},
{
"title": "Patch for SCADA Engine BACnet OPC Client Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/3032"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/43289"
},
{
"trust": 3.2,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-10-264-01.pdf"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/41466"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/660688"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.org/1009-exploits/bacnet-overflow.py.txt"
},
{
"trust": 1.5,
"url": "http://secunia.com/advisories/41466/"
},
{
"trust": 1.0,
"url": "http://securityreason.com/securityalert/8083"
},
{
"trust": 0.8,
"url": "http://www.scadaengine.com/software1.html"
},
{
"trust": 0.8,
"url": "http://www.scadaengine.com/downloads.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4740"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu660688"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4740"
},
{
"trust": 0.3,
"url": "http://www.scadaengine.com/software7.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=41466"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/41466/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/windows_insecure_library_loading/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "BID",
"id": "43289"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "PACKETSTORM",
"id": "93978"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"db": "BID",
"id": "43289"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"db": "PACKETSTORM",
"id": "93978"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-19T00:00:00",
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"date": "2010-09-19T00:00:00",
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"date": "2011-02-03T00:00:00",
"db": "CERT/CC",
"id": "VU#660688"
},
{
"date": "2010-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"date": "2010-09-16T00:00:00",
"db": "BID",
"id": "43289"
},
{
"date": "2011-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"date": "2010-09-18T10:27:24",
"db": "PACKETSTORM",
"id": "93978"
},
{
"date": "2011-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"date": "2011-02-16T03:00:03.633000",
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-02-03T00:00:00",
"db": "CERT/CC",
"id": "VU#660688"
},
{
"date": "2010-09-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-2060"
},
{
"date": "2011-02-16T06:29:00",
"db": "BID",
"id": "43289"
},
{
"date": "2011-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001152"
},
{
"date": "2011-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201102-232"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-4740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCADA engine BACnet OPC Client Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#660688"
},
{
"db": "CNVD",
"id": "CNVD-2010-2060"
}
],
"trust": 1.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d7a45c1-463f-11e9-bbb9-000c29342cb1"
},
{
"db": "IVD",
"id": "8cb14b48-1fae-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201102-232"
}
],
"trust": 1.0
}
}
VAR-201806-1263
Vulnerability from variot - Updated: 2024-11-23 22:12CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. CirCarLife Scada Contains an input validation vulnerability.Information may be tampered with. Circontrol CirCarLife Scada is a parking lot automation management system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife Scada version 4.2.4. An attacker could exploit the vulnerability to disclose sensitive information by sending a request to the html/upgrade.html and services/system/firmware.upgrade URIs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scada",
"scope": "eq",
"trust": 1.6,
"vendor": "circontrol",
"version": "4.2.4"
},
{
"model": "circarlife scada",
"scope": "eq",
"trust": 0.8,
"vendor": "circontrol s a",
"version": "4.2.4"
},
{
"model": "circarlife scada",
"scope": "eq",
"trust": 0.6,
"vendor": "circontrol",
"version": "4.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada",
"version": "4.2.4"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:circontrol:scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
}
]
},
"cve": "CVE-2018-12635",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-12635",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-11983",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-12635",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-12635",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-12635",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11983",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-1090",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. CirCarLife Scada Contains an input validation vulnerability.Information may be tampered with. Circontrol CirCarLife Scada is a parking lot automation management system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife Scada version 4.2.4. An attacker could exploit the vulnerability to disclose sensitive information by sending a request to the html/upgrade.html and services/system/firmware.upgrade URIs",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12635"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12635",
"trust": 3.2
},
{
"db": "SEEBUG",
"id": "SSVID-97353",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2018-11983",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F4B6B1-39AB-11E9-8B68-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"id": "VAR-201806-1263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
}
],
"trust": 1.37051283
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
}
]
},
"last_update_date": "2024-11-23T22:12:30.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CirCarLife",
"trust": 0.8,
"url": "http://circontrol.com/intelligent-charging-solutions/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.seebug.org/vuldb/ssvid-97353"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12635"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12635"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"date": "2018-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"date": "2018-06-22T00:29:00.377000",
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11983"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006526"
},
{
"date": "2018-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-1090"
},
{
"date": "2024-11-21T03:45:35.293000",
"db": "NVD",
"id": "CVE-2018-12635"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CirCarLife Scada Unauthorized upgrade vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11983"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "e2f4b6b1-39ab-11e9-8b68-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-1090"
}
],
"trust": 0.8
}
}
VAR-201908-1829
Vulnerability from variot - Updated: 2024-11-23 21:36A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). LAquis SCADA Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "laquis scada",
"scope": "eq",
"trust": 1.4,
"vendor": "lcds",
"version": "4.3.1.71"
},
{
"_id": null,
"model": "scada",
"scope": "eq",
"trust": 1.0,
"vendor": "laquisscada",
"version": "4.3.1.71"
},
{
"_id": null,
"model": "scada",
"scope": null,
"trust": 0.7,
"vendor": "laquis",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada",
"version": "4.3.1.71"
}
],
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "NVD",
"id": "CVE-2019-10980"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lcds:laquis_scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
}
]
},
"credits": {
"_id": null,
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
}
],
"trust": 1.3
},
"cve": "CVE-2019-10980",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-10980",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-28110",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-10980",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10980",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-10980",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10980",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-10980",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2019-10980",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-28110",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-141",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
},
{
"db": "NVD",
"id": "CVE-2019-10980"
}
]
},
"description": {
"_id": null,
"data": "A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). LAquis SCADA Contains an illegal type conversion vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A security vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10980"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
}
],
"trust": 2.97
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-10980",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-06",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-689",
"trust": 1.3
},
{
"db": "AUSCERT",
"id": "ESB-2019.2899",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2019-28110",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8200",
"trust": 0.7
},
{
"db": "IVD",
"id": "946F2366-28B8-45EB-A406-6894C7DFD9ED",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
},
{
"db": "NVD",
"id": "CVE-2019-10980"
}
]
},
"id": "VAR-201908-1829",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
}
],
"trust": 1.3507122
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
}
]
},
"last_update_date": "2024-11-23T21:36:56.050000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://laquisscada.com/"
},
{
"title": "LAquis has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"title": "LCDS LAquis SCADA Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176007"
},
{
"title": "LCDS LAquis SCADA Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95903"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-843",
"trust": 1.0
},
{
"problemtype": "CWE-704",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "NVD",
"id": "CVE-2019-10980"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10980"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2899/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10980"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-689/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-689"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
},
{
"db": "NVD",
"id": "CVE-2019-10980"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-689",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2019-28110",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007542",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-10980",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-20T00:00:00",
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed",
"ident": null
},
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-689",
"ident": null
},
{
"date": "2019-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28110",
"ident": null
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007542",
"ident": null
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-141",
"ident": null
},
{
"date": "2019-08-05T19:15:11.117000",
"db": "NVD",
"id": "CVE-2019-10980",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-689",
"ident": null
},
{
"date": "2019-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28110",
"ident": null
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007542",
"ident": null
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-141",
"ident": null
},
{
"date": "2024-11-21T04:20:17.320000",
"db": "NVD",
"id": "CVE-2019-10980",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "LCDS LAquis SCADA Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "CNVD",
"id": "CNVD-2019-28110"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "946f2366-28b8-45eb-a406-6894c7dfd9ed"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-141"
}
],
"trust": 0.8
}
}
VAR-201908-1839
Vulnerability from variot - Updated: 2024-11-23 21:36Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1839",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "laquis scada",
"scope": "eq",
"trust": 1.4,
"vendor": "lcds",
"version": "4.3.1.71"
},
{
"model": "scada",
"scope": "eq",
"trust": 1.0,
"vendor": "laquisscada",
"version": "4.3.1.71"
},
{
"model": "scada",
"scope": null,
"trust": 0.7,
"vendor": "laquis",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scada",
"version": "4.3.1.71"
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lcds:laquis_scada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francis Provencher {PRL}",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 1.3
},
"cve": "CVE-2019-10994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-10994",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-28113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2019-10994",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"id": "CVE-2019-10994",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-10994",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2019-10994",
"trust": 0.8,
"value": "Low"
},
{
"author": "ZDI",
"id": "CVE-2019-10994",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2019-28113",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-143",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). LAquis SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of LQS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. A buffer overflow vulnerability exists in the LCDS LAquis SCADA version 4.3.1.71. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10994"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10994",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-06",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-19-688",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2019-28113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8198",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2899",
"trust": 0.6
},
{
"db": "IVD",
"id": "82947E4F-7B47-4A27-8C05-80E16EED7572",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"id": "VAR-201908-1839",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
}
],
"trust": 1.3507122
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
}
]
},
"last_update_date": "2024-11-23T21:36:56.015000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://laquisscada.com/"
},
{
"title": "LAquis has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"title": "Patch for LCDS LAquis SCADA Buffer Overflow Vulnerability (CNVD-2019-28113)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176009"
},
{
"title": "LCDS LAquis SCADA Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95905"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-06"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10994"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10994"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2899/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-688/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-20T00:00:00",
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"date": "2019-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"date": "2019-08-05T19:15:11.193000",
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "ZDI",
"id": "ZDI-19-688"
},
{
"date": "2019-08-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-28113"
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007543"
},
{
"date": "2019-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-143"
},
{
"date": "2024-11-21T04:20:18.880000",
"db": "NVD",
"id": "CVE-2019-10994"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LAquis SCADA Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007543"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "82947e4f-7b47-4a27-8c05-80e16eed7572"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-143"
}
],
"trust": 0.8
}
}
VAR-201704-1594
Vulnerability from variot - Updated: 2022-05-17 02:08The SCADA system is a data acquisition and monitoring control system. BACnetOPCServer is the server software of SCADA engine.
The BACnSvrTest.exe component of the BACnetOPCServer software has a DLL hijacking vulnerability due to the insecure loading of library files. An attacker can construct a malicious application and place it in a specific path to make the application maliciously load the DLL and execute arbitrary commands. DLL , Execute any command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1594",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bacnetopcserver",
"scope": "eq",
"trust": 0.8,
"vendor": "scada",
"version": "2.1.371.24"
}
],
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2017-04198",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2017-04198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SCADA system is a data acquisition and monitoring control system. BACnetOPCServer is the server software of SCADA engine. \n\nThe BACnSvrTest.exe component of the BACnetOPCServer software has a DLL hijacking vulnerability due to the insecure loading of library files. An attacker can construct a malicious application and place it in a specific path to make the application maliciously load the DLL and execute arbitrary commands. DLL , Execute any command",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04198"
},
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04198",
"trust": 0.8
},
{
"db": "IVD",
"id": "D8C72433-E51B-4F53-B34F-DF873CD4E910",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"id": "VAR-201704-1594",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"last_update_date": "2022-05-17T02:08:58.258000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SCADA engine BACnetOPCServer has dll hijacking vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91557"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-11T00:00:00",
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
},
{
"date": "2017-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04198"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SCADA engine BACnetOPCServer has dll hijacking vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04198"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "d8c72433-e51b-4f53-b34f-df873cd4e910"
}
],
"trust": 0.2
}
}