VAR-201902-0885
Vulnerability from variot - Updated: 2022-05-17 01:50MMSLite is a communication component development library based on the IEC61850 standard of substation network communication developed by SISCO Corporation of the United States. It is mainly used for intelligent electronic devices such as remote terminal units RTU, automatic relays, and programmable logic controllers PLC.
There is a denial of service vulnerability in a field of the SISCO MMS protocol. Sending malformed packets with a length value of 0 in a field in the MMS-Write service to a device developed using the SISCO MMS Lite suite can cause the device's MMS module to crash and the MMS protocol corresponding to port 102 cannot communicate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0885",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mms lite protocol suite",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "v5.0"
}
],
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-05652",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2019-05652",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MMSLite is a communication component development library based on the IEC61850 standard of substation network communication developed by SISCO Corporation of the United States. It is mainly used for intelligent electronic devices such as remote terminal units RTU, automatic relays, and programmable logic controllers PLC. \n\nThere is a denial of service vulnerability in a field of the SISCO MMS protocol. Sending malformed packets with a length value of 0 in a field in the MMS-Write service to a device developed using the SISCO MMS Lite suite can cause the device\u0027s MMS module to crash and the MMS protocol corresponding to port 102 cannot communicate",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05652"
},
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-05652",
"trust": 0.8
},
{
"db": "IVD",
"id": "349BBB69-1C4B-45C5-8D21-0B23886531FB",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"id": "VAR-201902-0885",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"last_update_date": "2022-05-17T01:50:54.323000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Denial of Service Vulnerability in a Field of Cisco MMS Protocol Length = 0",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/149341"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-28T00:00:00",
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
},
{
"date": "2019-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-05652"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service vulnerability in a field of the SISCO MMS protocol",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-05652"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service",
"sources": [
{
"db": "IVD",
"id": "349bbb69-1c4b-45c5-8d21-0b23886531fb"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…