Vulnerabilites related to hoytech - antiweb
Vulnerability from fkie_nvd
Published
2017-12-27 17:08
Modified
2024-11-21 03:18
Severity ?
Summary
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.seebug.org/vuldb/ssvid-96555 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.youtube.com/watch?v=HdkZA1DO08Y | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.seebug.org/vuldb/ssvid-96555 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.youtube.com/watch?v=HdkZA1DO08Y | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hoytech:antiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1A03EF-D59E-4045-9A1C-022BE576FA74",
"versionEndIncluding": "3.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.0.7:hms2:*:*:*:*:*:*",
"matchCriteriaId": "E69C56A5-2A87-45C8-BC6A-7663AC417BA7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --\u003e AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097."
},
{
"lang": "es",
"value": "gi-bin/write.cgi en Anti-Web hasta la versi\u00f3n 3.8.7, como se utilizaba en dispositivos NetBiter / HMS, Ouman EH-net, Alliance System WS100 --\u003e AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA y ASCON DY WebServer, permite que usuarios autenticados remotos ejecuten comandos arbitrarios de sistema operativo mediante contenidos tipo multipart/form-data manipulados. Esta vulnerabilidad es diferente de CVE-2017-9097."
}
],
"id": "CVE-2017-17888",
"lastModified": "2024-11-21T03:18:54.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-27T17:08:21.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=HdkZA1DO08Y"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.youtube.com/watch?v=HdkZA1DO08Y"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-16 03:29
Modified
2024-11-21 03:35
Severity ?
Summary
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hoytech:antiweb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1A03EF-D59E-4045-9A1C-022BE576FA74",
"versionEndIncluding": "3.8.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.0.7:hms2:*:*:*:*:*:*",
"matchCriteriaId": "E69C56A5-2A87-45C8-BC6A-7663AC417BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA87DB52-ACBF-447D-8890-FF6E2CA26676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66FBB2D5-903C-4744-B415-AA9E67DE4364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D1F9411-BDB6-4A64-AA59-9B076DFCB4D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "013E037C-EFDD-47EA-88C3-2F65F5D1381B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62658ADB-AFF8-4E8A-91C4-8D8C2FC4C4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E212BC-C04E-4421-B988-716312AECF2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEE5220-1468-4BD3-85B3-4E199060887D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E49BD5F4-8773-4B50-BB53-4834F34216D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hoytech:antiweb:3.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB108B76-FD67-442E-BA85-B8AD86EB9317",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file."
},
{
"lang": "es",
"value": "En Anti-Web hasta la versi\u00f3n 3.8.7, tal y como se emplea en dispositivos NetBiter FGW200 hasta la versi\u00f3n 3.21.2, dispositivos WS100 hasta la versi\u00f3n 3.30.5, dispositivos EC150 hasta la versi\u00f3n 1.40.0, dispositivos WS200 hasta la versi\u00f3n3.30.4, dispositivos EC250 hasta la versi\u00f3n 1.40.0 y otros productos, una vulnerabilidad LFI permite que un atacante remoto lea o modifique archivos mediante una t\u00e9cnica de salto de directorio. Esto se demuestra por la lectura del archivo de contrase\u00f1a o mediante el uso del par\u00e1metro template en cgi-bin/write.cgi para escribir en un archivo arbitrario."
}
],
"id": "CVE-2017-9097",
"lastModified": "2024-11-21T03:35:18.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-16T03:29:00.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-17888
Vulnerability from cvelistv5
Published
2017-12-24 16:00
Modified
2024-09-17 00:20
Severity ?
EPSS score ?
Summary
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.youtube.com/watch?v=HdkZA1DO08Y | x_refsource_MISC | |
| https://www.seebug.org/vuldb/ssvid-96555 | x_refsource_MISC | |
| https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:06:49.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.youtube.com/watch?v=HdkZA1DO08Y"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --\u003e AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-24T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.youtube.com/watch?v=HdkZA1DO08Y"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --\u003e AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=HdkZA1DO08Y",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=HdkZA1DO08Y"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-96555",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"name": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE",
"refsource": "MISC",
"url": "https://github.com/ezelf/AntiWeb_testing-Suite/tree/master/RCE"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17888",
"datePublished": "2017-12-24T16:00:00Z",
"dateReserved": "2017-12-24T00:00:00Z",
"dateUpdated": "2024-09-17T00:20:41.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9097
Vulnerability from cvelistv5
Published
2017-06-16 03:00
Modified
2024-08-05 16:55
Severity ?
EPSS score ?
Summary
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:55:22.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T02:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI",
"refsource": "MISC",
"url": "https://github.com/ezelf/industrial_Tools/tree/master/scadas_server_antiweb/LFI"
},
{
"name": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"name": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip",
"refsource": "MISC",
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9097",
"datePublished": "2017-06-16T03:00:00",
"dateReserved": "2017-05-19T00:00:00",
"dateUpdated": "2024-08-05T16:55:22.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201712-0564
Vulnerability from variot
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. Anti-Web Is OS A command injection vulnerability exists. This vulnerability CVE-2017-9097 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetBiter/HMS, etc. are gateway devices produced by different companies. Anti-Web is an anti-virus component used in it. Security vulnerabilities exist in Anti-Web 3.8.7 and previous versions of cgi-bin/write.cgi files in various products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antiweb",
"scope": "lte",
"trust": 1.8,
"vendor": "hoytech",
"version": "3.8.7"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.0.7"
},
{
"model": "antiweb",
"scope": "lte",
"trust": 0.6,
"vendor": "hoytech",
"version": "\u003c=3.8.7"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 0.6,
"vendor": "hoytech",
"version": "3.8.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hoytech:antiweb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
}
]
},
"cve": "CVE-2017-17888",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-17888",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-02334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17888",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17888",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-17888",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-02334",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-995",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --\u003e AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. Anti-Web Is OS A command injection vulnerability exists. This vulnerability CVE-2017-9097 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetBiter/HMS, etc. are gateway devices produced by different companies. Anti-Web is an anti-virus component used in it. Security vulnerabilities exist in Anti-Web 3.8.7 and previous versions of cgi-bin/write.cgi files in various products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17888"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNVD",
"id": "CNVD-2018-02334"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17888",
"trust": 3.0
},
{
"db": "SEEBUG",
"id": "SSVID-96555",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-02334",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"id": "VAR-201712-0564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
}
],
"trust": 0.92142857
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
}
]
},
"last_update_date": "2024-11-23T22:34:26.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "antiweb",
"trust": 0.8,
"url": "https://github.com/hoytech/antiweb"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/ezelf/antiweb_testing-suite/tree/master/rce"
},
{
"trust": 2.2,
"url": "https://www.seebug.org/vuldb/ssvid-96555"
},
{
"trust": 1.6,
"url": "https://www.youtube.com/watch?v=hdkza1do08y"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17888"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17888"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"date": "2018-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"date": "2017-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"date": "2017-12-27T17:08:21.577000",
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02334"
},
{
"date": "2018-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011885"
},
{
"date": "2017-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-995"
},
{
"date": "2024-11-21T03:18:54.313000",
"db": "NVD",
"id": "CVE-2017-17888"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anti-Web In OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011885"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-995"
}
],
"trust": 0.6
}
}
var-201706-0833
Vulnerability from variot
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. plural NetBiter Used in products Antiweb Contains a path traversal vulnerability.Information may be obtained and information may be altered
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0833",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antiweb",
"scope": "lte",
"trust": 1.8,
"vendor": "hoytech",
"version": "3.8.7"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.8.1"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.8.3"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.7.1"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.8.4"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.6.1"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.8.2"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.7.2"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.3.5"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.6,
"vendor": "hoytech",
"version": "3.8.5"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 1.0,
"vendor": "hoytech",
"version": "3.0.7"
},
{
"model": "antiweb",
"scope": "eq",
"trust": 0.6,
"vendor": "hoytech",
"version": "3.8.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hoytech:antiweb",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
}
]
},
"cve": "CVE-2017-9097",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9097",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9097",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9097",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9097",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1027",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. plural NetBiter Used in products Antiweb Contains a path traversal vulnerability.Information may be obtained and information may be altered",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9097"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9097",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005240",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"id": "VAR-201706-0833",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.32142857
},
"last_update_date": "2024-11-23T22:59:17.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "antiweb",
"trust": 0.8,
"url": "https://github.com/hoytech/antiweb"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/ezelf/industrial_tools/tree/master/scadas_server_antiweb/lfi"
},
{
"trust": 1.6,
"url": "http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html"
},
{
"trust": 1.6,
"url": "https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9097"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9097"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"date": "2017-06-16T03:29:00.187000",
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005240"
},
{
"date": "2017-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1027"
},
{
"date": "2024-11-21T03:35:18.730000",
"db": "NVD",
"id": "CVE-2017-9097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NetBiter Used in products Antiweb Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1027"
}
],
"trust": 0.6
}
}