VAR-201810-0832

Vulnerability from variot - Updated: 2024-11-23 22:41

An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. PTC ThingWorx Platform contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. PTC ThingWorx Platform is a set of platforms for developing and deploying industrial IoT applications and augmented reality (AR). A remote attacker could use a specially crafted URL to exploit this vulnerability to execute a script in a user's web browser.

SEC Consult Vulnerability Lab Security Advisory < 20181001-0 >

              title: Password disclosure vulnerability & XSS
            product: PTC ThingWorx
 vulnerable version: 6.5-7.4, 8.0.x, 8.1.x, 8.2.x
      fixed version: see Solution section
         CVE number: CVE-2018-17216, CVE-2018-17217, CVE-2018-17218
             impact: critical
           homepage: https://www.ptc.com
              found: 2018-03-13
                 by: M. Tomaselli (Office Munich)
                     SEC Consult Vulnerability Lab

                 An integrated part of SEC Consult
                 Europe | Asia | North America

                 https://www.sec-consult.com

=======================================================================

Vendor description:

"ThingWorx is more than an IoT platform; it provides the functionality, flexibility and scalability that businesses need to drive industrial innovation - including the ability to source, contextualize and synthesize data while orchestrating processes and delivering powerful web, mobile and AR experiences."

Source: https://www.ptc.com/en/thingworx8

Business recommendation:

ThingWorx allows Things to be configured to communicate with other services over several protocols (e.g. LDAP integration via a DirectoryServices Thing). In order to communicate with services that require authentication, ThingWorx provides functionality to associate credentials with a Thing.

During a brief audit it was noticed that ThingWorx Composer leaks the following sensitive data:

1) The PBKDF2WithHmac512 password hash of a user Thing
2) The AES encrypted password of several Things containing password attributes

Furthermore, the password used for encryption is hard-coded and thus identical across all installations.

The vendor provides a patch which should be installed immediately. It is recommended to perform further thorough security audits as the product may be affected by other potential security vulnerabilities.

Vulnerability overview/description:

1) Disclosure of User Password Hashes to Privileged Users (CVE-2018-17216)
ThingWorx discloses the PBKDF2WithHmac512 hashed passwords of its application users when doing exports with an administrative account. This enables an attacker to conduct offline brute-force or dictionary attacks against the obtained password hashes.

2) Disclosure of Encrypted Credentials and Use of Hard-Coded Passwords (CVE-2018-17217)
A critical information disclosure vulnerability leaks the AES encrypted passwords of services configured within ThingWorx. Due to a hard-coded master password in the SecureData class, an attacker is able to decrypt the obtained passwords which grants him access to other services. The AES encrypted password gets disclosed in the server response when a user/attacker visits a Thing that contains credentials.

3) Reflected Cross-Site Scripting (CVE-2018-17218)
The JavaScript part of the ThingWorx SQUEAL search functionality (searchExpression parameter) which is responsible for parsing the obtained JSON response fails to properly sanitize user supplied input. If the victim views attacker-prepared content (e.g. on a website or in an HTML email) an attacker is able to execute arbitrary actions in the context of its victims' sessions.

Proof of concept:

The proof of concept has been removed from this advisory.

Vulnerable / tested versions:

The vulnerabilities have been verified to exist in version 8.0.1-b39 which was the latest version available at the time of the test.

The vendor provided further affected version information. See the Solution section for reference.

Vendor contact timeline:

2018-03-14: Contacting vendor through email
2018-03-16: Advisory sent to vendor via encrypted mail
2018-03 - 2018-09: Multiple phone calls with PTC R&D department discussing release & multi-party disclosure
2018-08-15: Vendor provided private notifications to customers to give 45 days to upgrade
2018-10-01: Coordinated release of SEC Consult advisory

Solution:

Best recommendation is to upgrade to the latest version of ThingWorx to version 8.3.2 (at time of writing).

For newer versions, the issue of the hard coded password has been fixed and the SQUEAL function removed.

The minimum upgrade to obtain mitigations for all 3 issues depends on the version of ThingWorx in use.

For ThingWorx versions 6.5-7.4, upgrade to 7.4.14+
For ThingWorx version 8.0.x, upgrade to 8.0.12+
For ThingWorx version 8.1.x, upgrade to 8.1.7+
For ThingWorx version 8.2.x, upgrade to 8.2.4+

The vendor always recommends upgrading to the latest available service pack.

See the following advisory by the vendor for further information: https://www.ptc.com/en/support/article?n=CS291004

Workaround:

1) Disclosure of User Password Hashes to Privileged Users
To limit exposure, disable all native ThingWorx users and rely solely on users that make use of Active Directory or Single Sign On (SSO) authentication, since the password hashes are then not saved within ThingWorx.

2) Disclosure of Encrypted Credentials and Use of Hard-Coded Passwords
None.

Removal of this function will eliminate the XSS issue.
a.
b. For versions older than 8.1.0, a workaround is available at the PTC support site.

Updating to fix all 3 issues is recommended.

Advisory URL:

https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html



EOF M. Tomaselli / @2018


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0832",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thingworx platform",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "8.2.0"
      },
      {
        "model": "thingworx platform",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ptc",
        "version": "6.5.0"
      },
      {
        "model": "thingworx platform",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ptc",
        "version": "6.5 to  8.2"
      },
      {
        "model": "thingworx platform",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "ptc",
        "version": "6.5,\u003c=8.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ptc:thingworx_platform",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "M. Tomaselli",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149650"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-17218",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2018-17218",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-17218",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-21621",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2018-17218",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-17218",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-17218",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-17218",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-21621",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-1345",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. PTC ThingWorx Platform Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PTC ThingWorx Platform is a set of platforms for developing and deploying industrial IoT applications and augmented reality (AR). A remote attacker could use a specially crafted URL to exploit this vulnerability to execute a script in a user\u0027s web browser.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "db": "PACKETSTORM",
        "id": "149650"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-17218",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "149650",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "id": "VAR-201810-0832",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:39.906000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Article - CS291004",
        "trust": 0.8,
        "url": "https://www.ptc.com/en/support/article?n=CS291004"
      },
      {
        "title": "Patch for PTC ThingWorx Platform Cross-Site Scripting Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/143105"
      },
      {
        "title": "PTC ThingWorx Platform Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85328"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.ptc.com/en/support/article?n=cs291004"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17218"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17218"
      },
      {
        "trust": 0.1,
        "url": "https://www.ptc.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.ptc.com/en/thingworx8"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17216"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/contact/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/career/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17217"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "db": "PACKETSTORM",
        "id": "149650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "date": "2018-10-03T05:40:15",
        "db": "PACKETSTORM",
        "id": "149650"
      },
      {
        "date": "2018-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "date": "2018-10-01T01:29:00.513000",
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010348"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      },
      {
        "date": "2024-11-21T03:54:07.013000",
        "db": "NVD",
        "id": "CVE-2018-17218"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PTC ThingWorx Platform Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-1345"
      }
    ],
    "trust": 0.7
  }
}

