VAR-200902-0500
Vulnerability from variot - Updated: 2025-04-10 22:26GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. GE Fanuc iFIX Is Human Machine Interface With components, Microsoft Windows CE , NT , 2000 , Server 2003 , XP and Vista Work on SCADA client / Server software. iFIX Vulnerabilities exist in authentication. The user name and password are stored in a local file on the client side, and the password is encrypted with a low-strength algorithm. GE Fanuc according to: Attackers can gain copies of this file in two ways. The first way requires that an attacker have an interactive session with the computer containing the file, such as a direct login, or through a remote terminal session, VNC, or some other remote session providing access to a command shell. Using the shell, the attacker can simply copy the file and extract the passwords at some later point. Another way an attacker can gain access to this file is by intercepting the file over the network. This can occur if the file is shared between two computers using Microsoft WindowsR network sharing. In this case, an attacker may be able to recreate the file by using a network sniffer to monitor network traffic between them. iFIX Since authentication is performed within the client, an attacker could tamper and replace the authentication module. GE Fanuc according to: Authentication and authorization of users are implemented through certain program modules. These modules can be modified at the binary level to bypass user authentication. To exploit this type of attack, an attacker needs to be able to launch unauthorized applications from an interactive shell. Also, iFIX Is Technical Cyber Security Alert TA09-020A Published on “Microsoft Windows Notes on disabling the auto-execution function ” There is a possibility of being affected. Any code executed using the auto-execution function iFIX Enviroment Protection May result in the authentication module being tampered with and replaced.An attacker could gain access to a file containing authentication information or intercept network traffic. As a result, by the attacker iFIX Unauthorized access to the system is possible. GE Fanuc iFIX 5.0 are earlier are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA09-020A
Microsoft Windows Does Not Disable AutoRun Properly
Original release date: January 20, 2009 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
Overview
Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability.
I. Description
Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. AutoRun (and the closely related AutoPlay) can unexpectedly cause arbitrary code execution in the following situations:
-
A removable device is connected to a computer. This includes, but is not limited to, inserting a CD or DVD, connecting a USB or Firewire device, or mapping a network drive. This connection can result in code execution without any additional user interaction.
-
A user clicks the drive icon for a removable device in Windows Explorer. Rather than exploring the drive's contents, this action can cause code execution.
-
The user selects an option from the AutoPlay dialog that is displayed when a removable device is connected. Malicious software, such as W32.Downadup, is using AutoRun to spread. Disabling AutoRun, as specified in the CERT/CC Vulnerability Analysis blog, is an effective way of helping to prevent the spread of malicious code. It will, however, disable Media Change Notification (MCN) messages, which may prevent Windows from detecting when a CD or DVD is changed.
II. Impact
By placing an Autorun.inf file on a device, an attacker may be able to automatically execute arbitrary code when the device is connected to a Windows system. Code execution may also take place when the user attempts to browse to the software location with Windows Explorer.
III. We recommend restarting Windows after making the registry change so that any cached mount points are reinitialized in a way that ignores the Autorun.inf file. Alternatively, the following registry key may be deleted:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Once these changes have been made, all of the AutoRun code execution scenarios described above will be mitigated because Windows will no longer parse Autorun.inf files to determine which actions to take. Further details are available in the CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin Atac for providing the workaround.
IV. References
-
The Dangers of Windows AutoRun - http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html
-
US-CERT Vulnerability Note VU#889747 - http://www.kb.cert.org/vuls/id/889747
-
Nick Brown's blog: Memory stick worms - http://nick.brown.free.fr/blog/2007/10/memory-stick-worms
-
TR08-004 Disabling Autorun - http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx
-
How to Enable or Disable Automatically Running CD-ROMs - http://support.microsoft.com/kb/155217
-
NoDriveTypeAutoRun - http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx
-
Autorun.inf Entries - http://msdn.microsoft.com/en-us/library/bb776823(VS.85).aspx
-
W32.Downadup - http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99
-
MS08-067 Worm, Downadup/Conflicker - http://www.f-secure.com/weblog/archives/00001576.html
-
Social Engineering Autoplay and Windows 7 - http://www.f-secure.com/weblog/archives/00001586.html
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-020A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-020A Feedback VU#889747" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
January 20, 2009: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSXYqQnIHljM+H4irAQL9EAgAwE5XWd+83CTwTl1vAbDW3sNfCaucmj79 VmXJ+GktQorbcp29fktYaQxXZ2A6qBREJ1FfwlM5BT0WftvGppLoQcQO3vbbwEQF M0VG5xZhTOi8tf4nedBDgDj0ENJBgh6C73G5uZfVatQdFi79TFkf9SVe6xn5BkQm 5kKsly0d/CX/te15zZLd05AJVEVilbZcECUeDVAYDvWcQSkx2OsJFb+WkuWI9Loh zkB7uOeZFY9bgrC04nr9DPHpaPFd8KCXegsxjqN1nIraaCabfvNamriqyUFHwAhK sk/DFSjdI6xJ4fXjDQ77wfgLYyTeYQ/b2U/1sqkbOTdCgXqSop5RrA== =6/cp -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Windows Vista "NoDriveTypeAutoRun" Security Issue
SECUNIA ADVISORY ID: SA29458
VERIFY ADVISORY: http://secunia.com/advisories/29458/
CRITICAL: Not critical
IMPACT: Security Bypass
WHERE: Local system
OPERATING SYSTEM: Microsoft Windows Vista http://secunia.com/product/13223/
DESCRIPTION: CERT/CC has reported a security issue in Windows Vista, which can be exploited by malicious people to bypass certain security settings.
AutoPlay is a feature designed to immediately begin reading from a drive (e.g. run a setup file) when a media is inserted.
Successful exploitation may result in execution of arbitrary code, but requires physical access to a vulnerable system or that a user is tricked into inserting a malicious media (e.g. USB device).
SOLUTION: Restrict access to affected systems.
Do not insert any untrusted media even with the registry key value set to disable AutoPlay for all drives.
PROVIDED AND/OR DISCOVERED BY: Will Dormann and Jeff Gennari, CERT/CC.
ORIGINAL ADVISORY: US-CERT VU#889747: http://www.kb.cert.org/vuls/id/889747
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This can be exploited to gain knowledge of user names and passwords by obtaining (e.g. by modifying certain used modules.
3) It is possible to bypass the run-time Environment Protection via the Autoplay feature by attaching an external storage device containing an automatically launched script. Use in a trusted network environment only. Description
The presence of a Conficker infection may be detected if a user is unable to surf to the following websites:
- http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
- http://www.mcafee.com
If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007. Solution
US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Miscrosoft in October 2008), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200902-0500",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "2.21"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "4.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "2.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "3.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "3.5"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "2.6"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "2.5"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "4.5"
},
{
"model": "ifix",
"scope": "eq",
"trust": 1.6,
"vendor": "ge fanuc",
"version": "2.2"
},
{
"model": "ifix",
"scope": "lte",
"trust": 1.0,
"vendor": "ge fanuc",
"version": "5.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ge fanuc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "hmi/scada - ifix",
"scope": "lte",
"trust": 0.8,
"vendor": "ge fanuc",
"version": "5.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "ge fanuc",
"version": "5.0"
},
{
"model": "fanuc ifix pde",
"scope": null,
"trust": 0.3,
"vendor": "ge",
"version": null
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.0"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.5"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3.5"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3.0"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.6"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.5"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.21"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.2"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.0"
},
{
"model": "fanuc ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "2.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "2.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "BID",
"id": "33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_fanuc:ifix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rayford Vaughn and Robert Wesley McGrew at Mississippi State University.",
"sources": [
{
"db": "BID",
"id": "33739"
}
],
"trust": 0.3
},
"cve": "CVE-2009-0216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-0216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a6178710-23cc-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-0216",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#310355",
"trust": 0.8,
"value": "1.62"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#889747",
"trust": 0.8,
"value": "0.19"
},
{
"author": "NVD",
"id": "CVE-2009-0216",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200902-293",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. GE Fanuc iFIX Is Human Machine Interface With components, Microsoft Windows CE , NT , 2000 , Server 2003 , XP and Vista Work on SCADA client / Server software. iFIX Vulnerabilities exist in authentication. The user name and password are stored in a local file on the client side, and the password is encrypted with a low-strength algorithm. GE Fanuc according to: Attackers can gain copies of this file in two ways. The first way requires that an attacker have an interactive session with the computer containing the file, such as a direct login, or through a remote terminal session, VNC, or some other remote session providing access to a command shell. Using the shell, the attacker can simply copy the file and extract the passwords at some later point. Another way an attacker can gain access to this file is by intercepting the file over the network. This can occur if the file is shared between two computers using Microsoft WindowsR network sharing. In this case, an attacker may be able to recreate the file by using a network sniffer to monitor network traffic between them. iFIX Since authentication is performed within the client, an attacker could tamper and replace the authentication module. GE Fanuc according to: Authentication and authorization of users are implemented through certain program modules. These modules can be modified at the binary level to bypass user authentication. To exploit this type of attack, an attacker needs to be able to launch unauthorized applications from an interactive shell. Also, iFIX Is Technical Cyber Security Alert TA09-020A Published on \u201cMicrosoft Windows Notes on disabling the auto-execution function \u201d There is a possibility of being affected. Any code executed using the auto-execution function iFIX Enviroment Protection May result in the authentication module being tampered with and replaced.An attacker could gain access to a file containing authentication information or intercept network traffic. As a result, by the attacker iFIX Unauthorized access to the system is possible. \nGE Fanuc iFIX 5.0 are earlier are vulnerable. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA09-020A\n\n\nMicrosoft Windows Does Not Disable AutoRun Properly\n\n Original release date: January 20, 2009\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n\n\nOverview\n\n Disabling AutoRun on Microsoft Windows systems can help prevent the\n spread of malicious code. However, Microsoft\u0027s guidelines for\n disabling AutoRun are not fully effective, which could be\n considered a vulnerability. \n\n\nI. Description\n\n Microsoft Windows includes an AutoRun feature, which can\n automatically run code when removable devices are connected to the\n computer. AutoRun (and the closely related AutoPlay) can\n unexpectedly cause arbitrary code execution in the following\n situations:\n \n * A removable device is connected to a computer. This includes, but\n is not limited to, inserting a CD or DVD, connecting a USB or\n Firewire device, or mapping a network drive. This connection can\n result in code execution without any additional user interaction. \n \n * A user clicks the drive icon for a removable device in Windows\n Explorer. Rather than exploring the drive\u0027s contents, this action\n can cause code execution. \n\n * The user selects an option from the AutoPlay dialog that is\n displayed when a removable device is connected. Malicious\n software, such as W32.Downadup, is using AutoRun to\n spread. Disabling AutoRun, as specified in the CERT/CC\n Vulnerability Analysis blog, is an effective way of helping to\n prevent the spread of malicious code. It will, however, disable Media\n Change Notification (MCN) messages, which may prevent Windows from\n detecting when a CD or DVD is changed. \n\n\nII. Impact\n\n By placing an Autorun.inf file on a device, an attacker may be able\n to automatically execute arbitrary code when the device is\n connected to a Windows system. Code execution may also take place\n when the user attempts to browse to the software location with\n Windows Explorer. \n\n\nIII. We recommend\n restarting Windows after making the registry change so that any\n cached mount points are reinitialized in a way that ignores the\n Autorun.inf file. Alternatively, the following registry key may be\n deleted:\n \n HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\n \n Once these changes have been made, all of the AutoRun code\n execution scenarios described above will be mitigated because\n Windows will no longer parse Autorun.inf files to determine which\n actions to take. Further details are available in the\n CERT/CC Vulnerability Analysis blog. Thanks to Nick Brown and Emin\n Atac for providing the workaround. \n\n\nIV. References\n\n * The Dangers of Windows AutoRun -\n \u003chttp://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html\u003e\n\n * US-CERT Vulnerability Note VU#889747 -\n \u003chttp://www.kb.cert.org/vuls/id/889747\u003e\n\n * Nick Brown\u0027s blog: Memory stick worms -\n \u003chttp://nick.brown.free.fr/blog/2007/10/memory-stick-worms\u003e\n\n * TR08-004 Disabling Autorun -\n \u003chttp://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx\u003e\n\n * How to Enable or Disable Automatically Running CD-ROMs -\n \u003chttp://support.microsoft.com/kb/155217\u003e\n\n * NoDriveTypeAutoRun -\n \u003chttp://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx\u003e\n\n * Autorun.inf Entries -\n \u003chttp://msdn.microsoft.com/en-us/library/bb776823(VS.85).aspx\u003e\n\n * W32.Downadup -\n \u003chttp://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99\u003e\n\n * MS08-067 Worm, Downadup/Conflicker -\n \u003chttp://www.f-secure.com/weblog/archives/00001576.html\u003e\n\n * Social Engineering Autoplay and Windows 7 -\n \u003chttp://www.f-secure.com/weblog/archives/00001586.html\u003e\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA09-020A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA09-020A Feedback VU#889747\" in\n the subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2009 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n \n January 20, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSXYqQnIHljM+H4irAQL9EAgAwE5XWd+83CTwTl1vAbDW3sNfCaucmj79\nVmXJ+GktQorbcp29fktYaQxXZ2A6qBREJ1FfwlM5BT0WftvGppLoQcQO3vbbwEQF\nM0VG5xZhTOi8tf4nedBDgDj0ENJBgh6C73G5uZfVatQdFi79TFkf9SVe6xn5BkQm\n5kKsly0d/CX/te15zZLd05AJVEVilbZcECUeDVAYDvWcQSkx2OsJFb+WkuWI9Loh\nzkB7uOeZFY9bgrC04nr9DPHpaPFd8KCXegsxjqN1nIraaCabfvNamriqyUFHwAhK\nsk/DFSjdI6xJ4fXjDQ77wfgLYyTeYQ/b2U/1sqkbOTdCgXqSop5RrA==\n=6/cp\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nWindows Vista \"NoDriveTypeAutoRun\" Security Issue\n\nSECUNIA ADVISORY ID:\nSA29458\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29458/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\nLocal system\n\nOPERATING SYSTEM:\nMicrosoft Windows Vista\nhttp://secunia.com/product/13223/\n\nDESCRIPTION:\nCERT/CC has reported a security issue in Windows Vista, which can be\nexploited by malicious people to bypass certain security settings. \n\nAutoPlay is a feature designed to immediately begin reading from a\ndrive (e.g. run a setup file) when a media is inserted. \n\nSuccessful exploitation may result in execution of arbitrary code,\nbut requires physical access to a vulnerable system or that a user is\ntricked into inserting a malicious media (e.g. USB device). \n\nSOLUTION:\nRestrict access to affected systems. \n\nDo not insert any untrusted media even with the registry key value\nset to disable AutoPlay for all drives. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann and Jeff Gennari, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT VU#889747:\nhttp://www.kb.cert.org/vuls/id/889747\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This can be exploited\nto gain knowledge of user names and passwords by obtaining (e.g. by modifying certain used modules. \n\n3) It is possible to bypass the run-time Environment Protection via\nthe Autoplay feature by attaching an external storage device\ncontaining an automatically launched script. Use in a\ntrusted network environment only. Description\n\n The presence of a Conficker infection may be detected if a user is\n unable to surf to the following websites:\n \n * http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm\u0026inid=us_ghp_link_conficker_worm\n * http://www.mcafee.com\n \n If a user is unable to reach either of these websites, a Conficker\n infection may be indicated (the most current variant of Conficker\n interferes with queries for these sites, preventing a user from\n visiting them). If a Conficker infection is suspected, the\n infected system should be removed from the network. Major\n anti-virus vendors and Microsoft have released several free tools\n that can verify the presence of a Conficker infection and remove\n the worm. Instructions for manually removing a Conficker infection\n from a system have been published by Microsoft in\n http://support.microsoft.com/kb/962007. Solution\n\n US-CERT encourages users to prevent a Conficker infection by\n ensuring all systems have the MS08-067 patch (part of Security\n Update KB958644, which was published by Miscrosoft in October\n 2008), disabling AutoRun functionality (see\n http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and\n maintaining up-to-date anti-virus software",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-0216"
},
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "BID",
"id": "33739"
},
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "74183"
},
{
"db": "PACKETSTORM",
"id": "64807"
},
{
"db": "PACKETSTORM",
"id": "74973"
},
{
"db": "PACKETSTORM",
"id": "76172"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#310355",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2009-0216",
"trust": 2.9
},
{
"db": "BID",
"id": "33739",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA09-020A",
"trust": 1.8
},
{
"db": "XF",
"id": "48691",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#889747",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086",
"trust": 0.8
},
{
"db": "IVD",
"id": "A6178710-23CC-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "29458",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "33909",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "74183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64807",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74973",
"trust": 0.1
},
{
"db": "USCERT",
"id": "TA09-088A",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "76172",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "BID",
"id": "33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "PACKETSTORM",
"id": "74183"
},
{
"db": "PACKETSTORM",
"id": "64807"
},
{
"db": "PACKETSTORM",
"id": "74973"
},
{
"db": "PACKETSTORM",
"id": "76172"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"id": "VAR-200902-0500",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
}
],
"trust": 0.7089285999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
}
]
},
"last_update_date": "2025-04-10T22:26:47.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Issue: CERT Reported Vulnerabilities in iFIX Security",
"trust": 0.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=S:KB13253\u0026actp=search"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=s:kb13253\u0026actp=search"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/310355"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/33739"
},
{
"trust": 1.9,
"url": "http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/"
},
{
"trust": 1.6,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-020a.html"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/48691"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48691"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/967715"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/953252"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/155217"
},
{
"trust": 0.8,
"url": "http://support.microsoft.com/kb/895108"
},
{
"trust": 0.8,
"url": "http://windowshelp.microsoft.com/windows/en-us/help/40f23376-1351-49d5-8d48-5c05d35f2ac81033.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/30300.mspx"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/magazine/cc137730.aspx"
},
{
"trust": 0.8,
"url": "http://nick.brown.free.fr/blog/2007/10/memory-stick-worms"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/steriley/archive/2007/10/30/more-on-autorun.aspx"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0216"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu310355/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0216"
},
{
"trust": 0.3,
"url": "http://www.gefanuc.com/"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-020a.html\u003e"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://msdn.microsoft.com/en-us/library/bb776823(vs.85).aspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.f-secure.com/weblog/archives/00001576.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/889747\u003e"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/155217\u003e"
},
{
"trust": 0.1,
"url": "http://www.cert.org/blogs/vuls/2008/04/the_dangers_of_windows_autorun.html\u003e"
},
{
"trust": 0.1,
"url": "http://nick.brown.free.fr/blog/2007/10/memory-stick-worms\u003e"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/91525.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.f-secure.com/weblog/archives/00001586.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.publicsafety.gc.ca/prg/em/ccirc/2008/tr08-004-eng.aspx\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29458/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13223/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/889747"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33909/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.mcafee.com"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-020a.html),"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta09-088a.html\u003e"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/962007."
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/958644\u003e"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm\u003e"
},
{
"trust": 0.1,
"url": "http://us.mcafee.com/root/campaign.asp?cid=54857\u003e"
},
{
"trust": 0.1,
"url": "http://support.microsoft.com/kb/962007\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm\u0026inid=us_ghp_link_conficker_worm"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "BID",
"id": "33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "PACKETSTORM",
"id": "74183"
},
{
"db": "PACKETSTORM",
"id": "64807"
},
{
"db": "PACKETSTORM",
"id": "74973"
},
{
"db": "PACKETSTORM",
"id": "76172"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#310355"
},
{
"db": "CERT/CC",
"id": "VU#889747"
},
{
"db": "BID",
"id": "33739"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"db": "PACKETSTORM",
"id": "74183"
},
{
"db": "PACKETSTORM",
"id": "64807"
},
{
"db": "PACKETSTORM",
"id": "74973"
},
{
"db": "PACKETSTORM",
"id": "76172"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-13T00:00:00",
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"date": "2009-02-11T00:00:00",
"db": "CERT/CC",
"id": "VU#310355"
},
{
"date": "2008-03-20T00:00:00",
"db": "CERT/CC",
"id": "VU#889747"
},
{
"date": "2009-02-11T00:00:00",
"db": "BID",
"id": "33739"
},
{
"date": "2009-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"date": "2009-01-21T20:28:24",
"db": "PACKETSTORM",
"id": "74183"
},
{
"date": "2008-03-21T23:24:01",
"db": "PACKETSTORM",
"id": "64807"
},
{
"date": "2009-02-16T12:48:35",
"db": "PACKETSTORM",
"id": "74973"
},
{
"date": "2009-03-30T19:50:26",
"db": "PACKETSTORM",
"id": "76172"
},
{
"date": "2009-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"date": "2009-02-13T17:30:00.627000",
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-24T00:00:00",
"db": "CERT/CC",
"id": "VU#310355"
},
{
"date": "2009-04-14T00:00:00",
"db": "CERT/CC",
"id": "VU#889747"
},
{
"date": "2009-02-12T00:18:00",
"db": "BID",
"id": "33739"
},
{
"date": "2009-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001086"
},
{
"date": "2009-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200902-293"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-0216"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ge_fanuc ifix Bypass access restriction vulnerability",
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "a6178710-23cc-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200902-293"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.