Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
23 vulnerabilities by microsys
VAR-201204-0098
Vulnerability from variot - Updated: 2023-12-18 13:44Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. PROMOTIC is a Windows-based SCADA software. PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error. This may allow lead to corruption of valid data. Versions prior to PROMOTIC 8.1.7 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.7"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "52988"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4874",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "f287df9c-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4874",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-288",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. PROMOTIC is a Windows-based SCADA software. PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error. This may allow lead to corruption of valid data. \nVersions prior to PROMOTIC 8.1.7 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4874",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-102-03",
"trust": 3.3
},
{
"db": "BID",
"id": "52988",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2012-1895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065",
"trust": 0.8
},
{
"db": "IVD",
"id": "F287DF9C-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"id": "VAR-201204-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
}
]
},
"last_update_date": "2023-12-18T13:44:39.687000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.7 (from 2.2.2012) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80107"
},
{
"title": "PROMOTIC",
"trust": 0.8,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"title": "PROMOTIC memory error reference patch for remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/15799"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-102-03.pdf"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80107"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/52988"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4874"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4874"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-16T00:00:00",
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"date": "2012-04-11T00:00:00",
"db": "BID",
"id": "52988"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"date": "2012-04-13T10:41:49.697000",
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"date": "2012-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"date": "2012-04-11T00:00:00",
"db": "BID",
"id": "52988"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"date": "2017-08-29T01:30:37.053000",
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"date": "2012-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
],
"trust": 0.8
}
}
VAR-202002-0773
Vulnerability from variot - Updated: 2023-12-18 13:43Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. Microsys PROMOTIC Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. MICROSYS PROMOTIC is a SCADA software. The MICROSYS PROMOTIC PmTrends.dll ActiveX control start function fails to properly filter user input, allowing an attacker to exploit a vulnerability to build a malicious WEB page, enticing the user to resolve and crashing the application. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "promotic",
"version": "8.2.13"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.13"
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:promotic:promotic:8.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"cve": "CVE-2014-1617",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-008918",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2014-00933",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "47c6315e-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-008918",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1617",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2014-008918",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00933",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. Microsys PROMOTIC Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. MICROSYS PROMOTIC is a SCADA software. The MICROSYS PROMOTIC PmTrends.dll ActiveX control start function fails to properly filter user input, allowing an attacker to exploit a vulnerability to build a malicious WEB page, enticing the user to resolve and crashing the application. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1617",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2014-00933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918",
"trust": 0.8
},
{
"db": "IVD",
"id": "47C6315E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"id": "VAR-202002-0773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
]
},
"last_update_date": "2023-12-18T13:43:03.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.promotic.eu/"
},
{
"title": "Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43570"
},
{
"title": "Microsys PROMOTIC Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://fortiguardcenter.com/encyclopedia/ips/38068"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/cve/cve-2014-1617"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1617"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1617"
},
{
"trust": 0.6,
"url": "http://osvdb.org/ref/102/microsys_promotic_8.2.13_start_activex_control_dos.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"date": "2020-02-13T22:15:11.127000",
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"date": "2020-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"date": "2020-02-20T19:30:14.327000",
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
],
"trust": 0.8
}
}
VAR-201601-0028
Vulnerability from variot - Updated: 2023-12-18 12:45Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. MICROSYS PROMOTIC is a Windows-based monitoring and data acquisition human-machine interface software programming suite for industrial applications. MICROSYS PROMOTIC is prone to a local heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "lt",
"trust": 1.4,
"vendor": "microsys",
"version": "8.3.11"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.3.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.3.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.2.19"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Praveen Darshanam of Versa Networks",
"sources": [
{
"db": "BID",
"id": "81989"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-0869",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00720",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-0869",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-0869",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-00720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. MICROSYS PROMOTIC is a Windows-based monitoring and data acquisition human-machine interface software programming suite for industrial applications. MICROSYS PROMOTIC is prone to a local heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0869",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-026-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2016-00720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-15-091",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-062-01",
"trust": 0.3
},
{
"db": "BID",
"id": "81989",
"trust": 0.3
},
{
"db": "IVD",
"id": "632DCF5C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"id": "VAR-201601-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
}
]
},
"last_update_date": "2023-12-18T12:45:06.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.3.11 (from 19.1.2016) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/newspm803.htm#ver80311"
},
{
"title": "Patch for MICROSYS PROMOTIC heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70952"
},
{
"title": "MICROSYS PROMOTIC Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59949"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-026-01"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/newspm803.htm#ver80311"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0869"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0869"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/index.htm"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-091/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-01T00:00:00",
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"date": "2016-01-26T00:00:00",
"db": "BID",
"id": "81989"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"date": "2016-01-26T19:59:02.373000",
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"date": "2016-01-26T00:00:00",
"db": "BID",
"id": "81989"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"date": "2016-02-23T16:26:09.593000",
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 0.8
}
}
VAR-201503-0332
Vulnerability from variot - Updated: 2023-12-18 12:45Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.2.18"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.3.1"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.19 (stable)"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.3.2 (development)"
},
{
"model": "promotic",
"scope": null,
"trust": 0.7,
"vendor": "microsys",
"version": null
},
{
"model": "spol. s r.o. promotic",
"scope": null,
"trust": 0.6,
"vendor": "microsys",
"version": null
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.2.18"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "0"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.2"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.2.19"
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:development:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:stable:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.18",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
}
],
"trust": 0.7
},
"cve": "CVE-2014-9205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-9205",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9a45265c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9205",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-9205",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01544",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-211",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9205",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-15-091",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-062-01",
"trust": 2.7
},
{
"db": "BID",
"id": "72874",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2015-01544",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2543",
"trust": 0.7
},
{
"db": "IVD",
"id": "9A45265C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"id": "VAR-201503-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
]
},
"last_update_date": "2023-12-18T12:45:06.004000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PROMOTIC 8 system news",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm"
},
{
"title": "MICROSYS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"title": "Patch for MICROSYS PROMOTIC Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56082"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-091/"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/news.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72874"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9205"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9205"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/index.htm"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-11T00:00:00",
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"date": "2015-03-03T00:00:00",
"db": "BID",
"id": "72874"
},
{
"date": "2015-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"date": "2015-03-29T10:59:02.727000",
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"date": "2015-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"date": "2015-03-03T00:00:00",
"db": "BID",
"id": "72874"
},
{
"date": "2015-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"date": "2015-03-30T18:46:19.227000",
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"date": "2015-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
],
"trust": 0.8
}
}
VAR-201305-0006
Vulnerability from variot - Updated: 2023-12-18 12:09Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. PROMOTIC is a SCADA software. A directory traversal vulnerability exists in MICROSYS PROMOTIC. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4518",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-06169",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4518",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-06169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-482",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. PROMOTIC is a SCADA software. A directory traversal vulnerability exists in MICROSYS PROMOTIC. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4518",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 2.7
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-06169",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230",
"trust": 0.8
},
{
"db": "IVD",
"id": "EF3A1F72-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"id": "VAR-201305-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
]
},
"last_update_date": "2023-12-18T12:09:22.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4518"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4518"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"date": "2013-05-23T17:55:02.807000",
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"date": "2013-06-03T04:00:00",
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.8
}
}
VAR-201305-0007
Vulnerability from variot - Updated: 2023-12-18 12:09Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "promotic",
"version": "8.x"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4519"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4519",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4519",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8766",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d790d41-463f-11e9-9cea-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4519",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8766",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-483",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4519",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 3.3
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-8766",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D790D41-463F-11E9-9CEA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "EF3378F2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"id": "VAR-201305-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
]
},
"last_update_date": "2023-12-18T12:09:22.249000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC ActiveX Component Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 1.9,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4519"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4519"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"date": "2013-05-23T17:55:02.830000",
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"date": "2013-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC ActiveX Component Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 1.0
}
}
VAR-201305-0005
Vulnerability from variot - Updated: 2023-12-18 12:09Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "promotic",
"version": "8.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4520",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8765",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d78e62e-463f-11e9-baca-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4520",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-484",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-4520",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18049",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4520"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4520",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 3.4
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-8765",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D78E62E-463F-11E9-BACA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "EF2D245C-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "18049",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-4520",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"id": "VAR-201305-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
]
},
"last_update_date": "2023-12-18T12:09:22.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC ActiveX Component Heap Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 2.0,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4520"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4520"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/18049/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"date": "2013-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"date": "2013-05-23T17:55:02.850000",
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"date": "2013-05-24T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"date": "2013-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC ActiveX Component Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 1.0
}
}
VAR-201110-0486
Vulnerability from variot - Updated: 2022-05-17 22:40PROMOTIC is a SCADA software. The input passed by PROMOTIC via the \"/webdir/\" URL is missing filtering before being used to read the file, and the directory traversal attack can read arbitrary files with application permissions. The \"SaveCfg()\" method of the PROMOTIC PmTrendViewer ActiveX control has a boundary error, and submitting a long string to the \"vCfg\" parameter triggers a stack-based buffer overflow. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: PROMOTIC Directory Traversal and ActiveX Control Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA46430
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46430/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46430
RELEASE DATE: 2011-10-14
DISCUSS ADVISORY: http://secunia.com/advisories/46430/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46430/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46430
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in PROMOTIC, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
Successful exploitation of vulnerabilities #2 and #3 allows execution of arbitrary code.
The vulnerabilities are confirmed in version 8.1.3. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/promotic_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201110-0486",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spol. s r.o. promotic trendsview activex control",
"scope": "eq",
"trust": 2.4,
"vendor": "microsys",
"version": "1.x"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 1.8,
"vendor": "microsys",
"version": "8.x"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.x*"
}
],
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "105814"
}
],
"trust": 0.1
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
},
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "207052e6-1f84-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PROMOTIC is a SCADA software. The input passed by PROMOTIC via the \\\"/webdir/\\\" URL is missing filtering before being used to read the file, and the directory traversal attack can read arbitrary files with application permissions. The \\\"SaveCfg()\\\" method of the PROMOTIC PmTrendViewer ActiveX control has a boundary error, and submitting a long string to the \\\"vCfg\\\" parameter triggers a stack-based buffer overflow. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nPROMOTIC Directory Traversal and ActiveX Control Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46430\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46430/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46430\n\nRELEASE DATE:\n2011-10-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46430/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46430/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46430\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered multiple vulnerabilities in PROMOTIC,\nwhich can be exploited by malicious people to disclose potentially\nsensitive information and compromise a user\u0027s system. \n\nSuccessful exploitation of vulnerabilities #2 and #3 allows execution\nof arbitrary code. \n\nThe vulnerabilities are confirmed in version 8.1.3. Other versions\nmay also be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/promotic_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
},
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "105814"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "46430",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2011-4210",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-4211",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-4212",
"trust": 0.8
},
{
"db": "IVD",
"id": "39C1E458-1F84-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "29BEBF18-1F84-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "207052E6-1F84-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "105814",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
},
{
"db": "PACKETSTORM",
"id": "105814"
}
]
},
"id": "VAR-201110-0486",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
}
],
"trust": 3.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 2.4
}
],
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
}
]
},
"last_update_date": "2022-05-17T22:40:14.541000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://secunia.com/advisories/46430/http"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46430/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46430"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46430/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
},
{
"db": "PACKETSTORM",
"id": "105814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"db": "CNVD",
"id": "CNVD-2011-4212"
},
{
"db": "PACKETSTORM",
"id": "105814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-17T00:00:00",
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"date": "2011-10-17T00:00:00",
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"date": "2011-10-17T00:00:00",
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4212"
},
{
"date": "2011-10-14T03:29:39",
"db": "PACKETSTORM",
"id": "105814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4210"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4211"
},
{
"date": "2011-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4212"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PROMOTIC \u0027/webdir/\u0027 URL Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "39c1e458-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "29bebf18-1f84-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "207052e6-1f84-11e6-abef-000c29c66e3d"
}
],
"trust": 0.4
}
}
VAR-201408-0408
Vulnerability from variot - Updated: 2022-05-17 02:09MICROSYS PROMOTIC is a SCADA software. There are unexplained vulnerabilities in Microsys PROMOTIC and there are currently no detailed vulnerability descriptions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0408",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spol. s r.o. promotic",
"scope": null,
"trust": 0.6,
"vendor": "microsys",
"version": null
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.2,
"vendor": "microsys",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-05295",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-05295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC is a SCADA software. There are unexplained vulnerabilities in Microsys PROMOTIC and there are currently no detailed vulnerability descriptions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05295"
},
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05295",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "110480",
"trust": 0.6
},
{
"db": "IVD",
"id": "8E79F25A-1EC2-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"id": "VAR-201408-0408",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"last_update_date": "2022-05-17T02:09:49.435000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/110480"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05295"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsys PROMOTIC has an unknown vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05295"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "8e79f25a-1ec2-11e6-abef-000c29c66e3d"
}
],
"trust": 0.2
}
}
CVE-2016-0869 (GCVE-0-2016-0869)
Vulnerability from nvd – Published: 2016-01-26 19:00 – Updated: 2024-08-05 22:30
VLAI
Summary
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311 | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01 | x_refsource_MISC |
Date Public
2016-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-26T18:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0869",
"datePublished": "2016-01-26T19:00:00.000Z",
"dateReserved": "2015-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:05.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9205 (GCVE-0-2014-9205)
Vulnerability from nvd – Published: 2015-03-29 10:00 – Updated: 2024-08-06 13:40
VLAI
Summary
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01 | x_refsource_MISC |
| http://www.promotic.eu/en/pmdoc/News.htm | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-15-091/ | x_refsource_MISC |
Date Public
2015-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-29T02:57:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9205",
"datePublished": "2015-03-29T10:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4520 (GCVE-0-2011-4520)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4520",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:04.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4519 (GCVE-0-2011-4519)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 17:34
VLAI
Summary
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4519",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:28.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4518 (GCVE-0-2011-4518)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 16:22
VLAI
Summary
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4518",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:22:34.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4874 (GCVE-0-2011-4874)
Vulnerability from nvd – Published: 2012-04-13 10:00 – Updated: 2024-08-07 00:16
VLAI
Summary
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80107 | x_refsource_CONFIRM |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/52988 | vdb-entryx_refsource_BID |
Date Public
2012-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4874",
"datePublished": "2012-04-13T10:00:00.000Z",
"dateReserved": "2011-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:16:35.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1173 (GCVE-0-2000-1173)
Vulnerability from nvd – Published: 2000-12-19 05:00 – Updated: 2024-08-08 05:45
VLAI
Summary
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1977 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2000-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1173",
"datePublished": "2000-12-19T05:00:00.000Z",
"dateReserved": "2000-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:45:37.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0869 (GCVE-0-2016-0869)
Vulnerability from cvelistv5 – Published: 2016-01-26 19:00 – Updated: 2024-08-05 22:30
VLAI
Summary
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311 | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01 | x_refsource_MISC |
Date Public
2016-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-26T18:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0869",
"datePublished": "2016-01-26T19:00:00.000Z",
"dateReserved": "2015-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:05.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9205 (GCVE-0-2014-9205)
Vulnerability from cvelistv5 – Published: 2015-03-29 10:00 – Updated: 2024-08-06 13:40
VLAI
Summary
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01 | x_refsource_MISC |
| http://www.promotic.eu/en/pmdoc/News.htm | x_refsource_CONFIRM |
| http://www.zerodayinitiative.com/advisories/ZDI-15-091/ | x_refsource_MISC |
Date Public
2015-03-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-29T02:57:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9205",
"datePublished": "2015-03-29T10:00:00.000Z",
"dateReserved": "2014-12-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:40:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4519 (GCVE-0-2011-4519)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 17:34
VLAI
Summary
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4519",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:28.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4520 (GCVE-0-2011-4520)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4520",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:04.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4518 (GCVE-0-2011-4518)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 16:22
VLAI
Summary
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80105 | x_refsource_CONFIRM |
| http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4518",
"datePublished": "2013-05-23T17:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:22:34.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4874 (GCVE-0-2011-4874)
Vulnerability from cvelistv5 – Published: 2012-04-13 10:00 – Updated: 2024-08-07 00:16
VLAI
Summary
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.promotic.eu/en/pmdoc/News.htm#ver80107 | x_refsource_CONFIRM |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/52988 | vdb-entryx_refsource_BID |
Date Public
2012-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4874",
"datePublished": "2012-04-13T10:00:00.000Z",
"dateReserved": "2011-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:16:35.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1173 (GCVE-0-2000-1173)
Vulnerability from cvelistv5 – Published: 2000-12-19 05:00 – Updated: 2024-08-08 05:45
VLAI
Summary
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1977 | vdb-entryx_refsource_BID |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2000-11-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1173",
"datePublished": "2000-12-19T05:00:00.000Z",
"dateReserved": "2000-12-14T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:45:37.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}