VAR-201304-0443

Vulnerability from variot - Updated: 2022-05-17 02:10

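Clorius Controls ICS SCADA, an industrial control system software product, fails to properly restrict access to the /html/info.html URL. A remote attacker can request this page directly and obtain internal IP addresses, MAC addresses, and firmware version information, so the issue is an information disclosure vulnerability that exposes potentially sensitive information. In the record below, CNVD and IVD both score it CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N): reachable over the network without authentication, with partial confidentiality impact and no integrity or availability impact. The record lists versions 00.00.0095 and 00.00.0110 as affected and contains no patch entry, so the first control to verify is which networks can reach the device's web interface.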


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201304-0443",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "controls a/s ics scada",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "clorius",
        "version": "00.00.0095"
      },
      {
        "model": "controls a/s ics scada",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "clorius",
        "version": "00.00.0110"
      },
      {
        "model": "controls a/s ics scada",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "clorius",
        "version": "00.00.0110*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "BID",
        "id": "58800"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Darius Freamon",
    "sources": [
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ],
    "trust": 0.9
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-02636",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-02636",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Clorius Controls ICS SCADA fails to properly restrict access to the /html/info.html URL, allowing remote attackers to exploit the vulnerability to directly submit requests for internal IP addresses, MAC addresses, and firmware version information. Clorius Controls ICS SCADA is an industrial control system software. \nAn information disclosure vulnerability exists in Clorius Controls ICS SCADA. Attackers use this vulnerability to gain potentially sensitive information",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      },
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 1.53
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "58800",
        "trust": 1.5
      },
      {
        "db": "ICS CERT ALERT",
        "id": "ICS-ALERT-13-091-02",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "9E4CB01C-1F2D-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ]
  },
  "id": "VAR-201304-0443",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      }
    ],
    "trust": 1.6333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      }
    ]
  },
  "last_update_date": "2022-05-17T02:10:40.314000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.9,
        "url": "http://ics-cert.us-cert.gov/pdf/ics-alert-13-091-02.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://dariusfreamon.wordpress.com/2013/03/11/two-minor-vulnerabilities-in-clorius-controls-ics-scada/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58800"
      },
      {
        "trust": 0.3,
        "url": "http://www.cloriuscontrols.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-07T00:00:00",
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-04-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "date": "2013-04-01T00:00:00",
        "db": "BID",
        "id": "58800"
      },
      {
        "date": "2013-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "date": "2013-04-01T00:00:00",
        "db": "BID",
        "id": "58800"
      },
      {
        "date": "2013-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Clorius Controls ICS SCADA Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "9e4cb01c-1f2d-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-02636"
      },
      {
        "db": "BID",
        "id": "58800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ],
    "trust": 1.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201304-122"
      }
    ],
    "trust": 0.6
  }
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

