cvelistv5 - CVE-2018-16059

CVE-2018-16059

Vulnerability from cvelistv5

Published

2018-09-07 22:00

Modified

2024-08-05 10:10

Severity ?

Summary

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/107416
cve@mitre.org	https://cert.vde.com/en-us/advisories/vde-2019-002
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
cve@mitre.org	https://www.exploit-db.com/exploits/45342/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107416
af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2019-002
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45342/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:10:05.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107416",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107416"
          },
          {
            "name": "45342",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45342/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-20T13:44:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "107416",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107416"
        },
        {
          "name": "45342",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45342/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16059",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107416",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107416"
            },
            {
              "name": "45342",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45342/"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2019-002",
              "refsource": "MISC",
              "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-16059",
    "datePublished": "2018-09-07T22:00:00",
    "dateReserved": "2018-08-28T00:00:00",
    "dateUpdated": "2024-08-05T10:10:05.948Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-16059\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-09-07T22:29:01.743\",\"lastModified\":\"2024-11-21T03:52:01.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Endress+Hauser WirelessHART Fieldgate SWG70 3.x permiten el salto de directorio mediante el par\u00e1metro filename en fcgi-bin/wgsetcgi.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10145BE6-0488-45AA-8589-40E5C3E2A7D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:endress:wirelesshart_fieldgate_swg70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC03E7A-52BB-417E-8AA9-85B47EF6CA6B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107416\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2019-002\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/45342/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/107416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert.vde.com/en-us/advisories/vde-2019-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/45342/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

fkie_cve-2018-16059

Vulnerability from fkie_nvd

Published

2018-09-07 22:29

Modified

2024-11-21 03:52

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/107416
cve@mitre.org	https://cert.vde.com/en-us/advisories/vde-2019-002
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
cve@mitre.org	https://www.exploit-db.com/exploits/45342/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107416
af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en-us/advisories/vde-2019-002
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45342/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	endress	wirelesshart_fieldgate_swg70_firmware	3.00.07
	endress	wirelesshart_fieldgate_swg70	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "10145BE6-0488-45AA-8589-40E5C3E2A7D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:endress:wirelesshart_fieldgate_swg70:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CC03E7A-52BB-417E-8AA9-85B47EF6CA6B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
    },
    {
      "lang": "es",
      "value": "Los dispositivos Endress+Hauser WirelessHART Fieldgate SWG70 3.x permiten el salto de directorio mediante el par\u00e1metro filename en fcgi-bin/wgsetcgi."
    }
  ],
  "id": "CVE-2018-16059",
  "lastModified": "2024-11-21T03:52:01.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-07T22:29:01.743",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/107416"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45342/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/107416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/45342/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2018-16059

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

Aliases

CVE-2018-16059

Aliases

CVE-2018-16059

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16059",
    "description": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.",
    "id": "GSD-2018-16059"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16059"
      ],
      "details": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.",
      "id": "GSD-2018-16059",
      "modified": "2023-12-13T01:22:25.953260Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-16059",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107416",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107416"
          },
          {
            "name": "45342",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45342/"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
          },
          {
            "name": "https://cert.vde.com/en-us/advisories/vde-2019-002",
            "refsource": "MISC",
            "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:endress:wirelesshart_fieldgate_swg70:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16059"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45342",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/45342/"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2019-002",
              "refsource": "MISC",
              "tags": [],
              "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
            },
            {
              "name": "107416",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/107416"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-03-21T16:00Z",
      "publishedDate": "2018-09-07T22:29Z"
    }
  }
}

icsa-19-073-03

Vulnerability from csaf_cisa

Published

2019-03-14 00:00

Modified

2019-03-14 00:00

Summary

PEPPERL+FUCHS WirelessHART-Gateways

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters.

Critical infrastructure sectors

Critical Manufacturing, Information Technology

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "PEPPERL+FUCHS",
        "summary": "reporting this vulnerability to CERT@VDE"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-073-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-073-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-073-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-073-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "PEPPERL+FUCHS WirelessHART-Gateways",
    "tracking": {
      "current_release_date": "2019-03-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-073-03",
      "initial_release_date": "2019-03-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-03-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-073-03 PEPPERL+FUCHS WirelessHART-Gateways"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "WHA-GW-*: All products",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "WHA-GW-*"
          }
        ],
        "category": "vendor",
        "name": "PEPPERL+FUCHS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-16059",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A path traversal vulnerability has been identified, which may allow unauthorized disclosure of information.CVE-2018-16059 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16059"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "PEPPERL+FUCHS reports that affected users with WHA-GW-*-ETH devices should upgrade to firmware Version 03.00.08. Affected users with WHA-GW-*-ETH.EIP devices should upgrade to firmware Version 02.00.01.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see the advisory CERT@VDE wrote for PEPPERL+FUCHS.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

ICSA-19-073-03

Vulnerability from csaf_cisa

Published

2019-03-14 00:00

Modified

2019-03-14 00:00

Summary

PEPPERL+FUCHS WirelessHART-Gateways

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters.

Critical infrastructure sectors

Critical Manufacturing, Information Technology

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "PEPPERL+FUCHS",
        "summary": "reporting this vulnerability to CERT@VDE"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file parameters.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Information Technology",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-073-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-073-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-073-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-073-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "PEPPERL+FUCHS WirelessHART-Gateways",
    "tracking": {
      "current_release_date": "2019-03-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-073-03",
      "initial_release_date": "2019-03-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-03-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-073-03 PEPPERL+FUCHS WirelessHART-Gateways"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "WHA-GW-*: All products",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "WHA-GW-*"
          }
        ],
        "category": "vendor",
        "name": "PEPPERL+FUCHS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-16059",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A path traversal vulnerability has been identified, which may allow unauthorized disclosure of information.CVE-2018-16059 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16059"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "PEPPERL+FUCHS reports that affected users with WHA-GW-*-ETH devices should upgrade to firmware Version 03.00.08. Affected users with WHA-GW-*-ETH.EIP devices should upgrade to firmware Version 02.00.01.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, please see the advisory CERT@VDE wrote for PEPPERL+FUCHS.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

var-201809-0956

Vulnerability from variot

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Endress+Hauser WirelessHART Fieldgate SWG70 The device contains a path traversal vulnerability.Information may be obtained. Multiple PEPPERL+FUCHS products are prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. The following products and versions are affected: WirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH 03.00.08 WirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH.EIP 02.00.01. The Endress+Hauser WirelessHART Fieldgate SWG70 is an Ethernet gateway device. An attacker could exploit this vulnerability to view arbitrary files on the system

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0956",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wirelesshart fieldgate swg70",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "endress",
        "version": "3.00.07"
      },
      {
        "model": "wirelesshart fieldgate swg70",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "endless hauser",
        "version": "3.x"
      },
      {
        "model": "wha-gw-f2d2-0-as-z2-eth.eip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pepperl fuchs",
        "version": "0"
      },
      {
        "model": "wha-gw-f2d2-0-as-z2-eth",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pepperl fuchs",
        "version": "0"
      },
      {
        "model": "wha-gw-f2d2-0-as-z2-eth.eip",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pepperl fuchs",
        "version": "02.00.01"
      },
      {
        "model": "wha-gw-f2d2-0-as-z2-eth",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pepperl fuchs",
        "version": "03.00.08"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:endress%2Bhauser:wirelesshart_fieldgate_swg70_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PEPPERL+FUCHS reported this vulnerability to CERT@VDE,The vendor reported this issue.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-16059",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-16059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-126380",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-16059",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16059",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16059",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-375",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126380",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-16059",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Endress+Hauser WirelessHART Fieldgate SWG70 The device contains a path traversal vulnerability.Information may be obtained. Multiple PEPPERL+FUCHS products are prone to a directory-traversal vulnerability. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve sensitive information. This may aid in further attacks. \nThe following products and versions are affected:\nWirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH 03.00.08\nWirelessHART Gateway WHA-GW-F2D2-0-AS-Z2-ETH.EIP 02.00.01. The Endress+Hauser WirelessHART Fieldgate SWG70 is an Ethernet gateway device. An attacker could exploit this vulnerability to view arbitrary files on the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "BID",
        "id": "107416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-126380",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45342",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16059",
        "trust": 2.9
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-073-03",
        "trust": 2.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "45342",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "107416",
        "trust": 2.1
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2019-002",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0847",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-126380",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "db": "BID",
        "id": "107416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "id": "VAR-201809-0956",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:06:36.573000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WirelessHART \u30d5\u30a3\u30fc\u30eb\u30c9\u30b2\u30fc\u30c8 SWG70",
        "trust": 0.8,
        "url": "https://www.jp.endress.com/ja/Field-instruments-overview/System-Components-Recorder-Data-Manager/wirelesshart-gateway-fieldgate-swg70?highlight=SWG70"
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.5,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-073-03"
      },
      {
        "trust": 2.7,
        "url": "https://www.exploit-db.com/exploits/45342/"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/107416"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16059"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16059"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/77218"
      },
      {
        "trust": 0.3,
        "url": "https://www.pepperl-fuchs.com/global/en/index.htm"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/arpsyndicate/kenzer-templates"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "db": "BID",
        "id": "107416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "db": "BID",
        "id": "107416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "date": "2018-09-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "BID",
        "id": "107416"
      },
      {
        "date": "2018-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "date": "2018-09-07T22:29:01.743000",
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126380"
      },
      {
        "date": "2019-03-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-16059"
      },
      {
        "date": "2019-03-14T00:00:00",
        "db": "BID",
        "id": "107416"
      },
      {
        "date": "2019-03-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      },
      {
        "date": "2019-03-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      },
      {
        "date": "2024-11-21T03:52:01.173000",
        "db": "NVD",
        "id": "CVE-2018-16059"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Endress+Hauser WirelessHART Fieldgate SWG70 Path traversal vulnerability in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009929"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-375"
      }
    ],
    "trust": 0.6
  }
}

ghsa-f7v2-j977-j9v3

Vulnerability from github

Published

2022-05-14 01:18

Modified

2022-05-14 01:18

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16059"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-07T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter.",
  "id": "GHSA-f7v2-j977-j9v3",
  "modified": "2022-05-14T01:18:25Z",
  "published": "2022-05-14T01:18:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16059"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en-us/advisories/vde-2019-002"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45342"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107416"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-16059

Vulnerability from cvelistv5

fkie_cve-2018-16059

Vulnerability from fkie_nvd

gsd-2018-16059

Vulnerability from gsd

icsa-19-073-03

Vulnerability from csaf_cisa

ICSA-19-073-03

Vulnerability from csaf_cisa

var-201809-0956

Vulnerability from variot

ghsa-f7v2-j977-j9v3

Vulnerability from github

Tags

Sightings

Nomenclature