cvelistv5 - cve-2013-2796

cve-2013-2796

Vulnerability from cvelistv5

Published

2013-08-09 23:00

Modified

2024-09-16 18:13

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02	US Government Resource
ics-cert@hq.dhs.gov	http://www.citect.schneider-electric.com/cs-HF720SP459363	Patch
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.citect.schneider-electric.com/cs-HF720SP459363	Patch

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:52:21.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-09T23:00:00Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-2796",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.citect.schneider-electric.com/cs-HF720SP459363",
              "refsource": "CONFIRM",
              "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
            },
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2013-2796",
    "datePublished": "2013-08-09T23:00:00Z",
    "dateReserved": "2013-04-11T00:00:00Z",
    "dateUpdated": "2024-09-16T18:13:41.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2796\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2013-08-09T23:55:02.537\",\"lastModified\":\"2024-11-21T01:52:23.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.\"},{\"lang\":\"es\",\"value\":\"Schneider Electric Vijeo Citect v7.20 y anteriores, CitectSCADA v7.20 y anteriores, y PowerLogic SCADA v7.20 y anteriores, permite a atacantes remotos leer ficheros, enviar peticiones HTTP a servidores intranet, o causar una denegaci\u00f3n del servicio (consumo de CPU y memoria) a trav\u00e9s de fichero XML que contiene una declaraci\u00f3n de entidad externa, junto con una referencia de entidad, en relaci\u00f3n con un fallo en XML External Entity (XXE).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:citectscada:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.20\",\"matchCriteriaId\":\"3F38EF72-DCCB-47DE-AF76-73A78D9F069A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:citectscada:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87F308E-8874-40CD-BB46-9CD955AEE26E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:powerlogic_scada:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.20\",\"matchCriteriaId\":\"692487FE-D5CC-4289-8C4B-26C30C12BB08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:powerlogic_scada:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"227FA3FF-F09B-4891-9B90-37563E1A579C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.20\",\"matchCriteriaId\":\"261173CE-D744-4427-ABCB-AD9BA9CCCF25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:vijeo_citect:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"281F678E-1B21-4EFD-A9F6-016FCECF1DA0\"}]}]}],\"references\":[{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.citect.schneider-electric.com/cs-HF720SP459363\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.citect.schneider-electric.com/cs-HF720SP459363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}],\"evaluatorComment\":\"Per: http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02\\n\\n\\\"This vulnerability is not exploitable remotely.\\\"\"}}"
  }
}

gsd-2013-2796

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-2796

Aliases

CVE-2013-2796

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-2796",
    "description": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
    "id": "GSD-2013-2796"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-2796"
      ],
      "details": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
      "id": "GSD-2013-2796",
      "modified": "2023-12-13T01:22:17.962586Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2013-2796",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.citect.schneider-electric.com/cs-HF720SP459363",
            "refsource": "CONFIRM",
            "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
          },
          {
            "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02",
            "refsource": "MISC",
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:powerlogic_scada:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:vijeo_citect:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:citectscada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:powerlogic_scada:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.20",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:citectscada:7.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2013-2796"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
            },
            {
              "name": "http://www.citect.schneider-electric.com/cs-HF720SP459363",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-08-12T20:21Z",
      "publishedDate": "2013-08-09T23:55Z"
    }
  }
}

ghsa-fxqp-5cfq-qj7q

Vulnerability from github

Published

2022-05-17 05:06

Modified

2022-05-17 05:06

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-2796"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-09T23:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
  "id": "GHSA-fxqp-5cfq-qj7q",
  "modified": "2022-05-17T05:06:53Z",
  "published": "2022-05-17T05:06:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2796"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
    },
    {
      "type": "WEB",
      "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2013-2796

Vulnerability from fkie_nvd

Published

2013-08-09 23:55

Modified

2024-11-21 01:52

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02	US Government Resource
ics-cert@hq.dhs.gov	http://www.citect.schneider-electric.com/cs-HF720SP459363	Patch
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.citect.schneider-electric.com/cs-HF720SP459363	Patch

Impacted products

Vendor	Product	Version
schneider-electric	citectscada	*
schneider-electric	citectscada	7.10
schneider-electric	powerlogic_scada	*
schneider-electric	powerlogic_scada	7.10
schneider-electric	vijeo_citect	*
schneider-electric	vijeo_citect	7.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:citectscada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F38EF72-DCCB-47DE-AF76-73A78D9F069A",
              "versionEndIncluding": "7.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:citectscada:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87F308E-8874-40CD-BB46-9CD955AEE26E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:powerlogic_scada:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "692487FE-D5CC-4289-8C4B-26C30C12BB08",
              "versionEndIncluding": "7.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:powerlogic_scada:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "227FA3FF-F09B-4891-9B90-37563E1A579C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:vijeo_citect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "261173CE-D744-4427-ABCB-AD9BA9CCCF25",
              "versionEndIncluding": "7.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:vijeo_citect:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "281F678E-1B21-4EFD-A9F6-016FCECF1DA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "Schneider Electric Vijeo Citect v7.20 y anteriores, CitectSCADA v7.20 y anteriores, y PowerLogic SCADA v7.20 y anteriores, permite a atacantes remotos leer ficheros, enviar peticiones HTTP a servidores intranet, o causar una denegaci\u00f3n del servicio (consumo de CPU y memoria) a trav\u00e9s de fichero XML que contiene una declaraci\u00f3n de entidad externa, junto con una referencia de entidad, en relaci\u00f3n con un fallo en XML External Entity (XXE)."
    }
  ],
  "evaluatorComment": "Per: http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02\n\n\"This vulnerability is not exploitable remotely.\"",
  "id": "CVE-2013-2796",
  "lastModified": "2024-11-21T01:52:23.007",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-09T23:55:02.537",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch"
      ],
      "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Multiple Schneider Electric products have security vulnerabilities that allow attackers to exploit vulnerabilities to obtain sensitive information or to perform denial of service attacks. Vulnerability-related errors with XML external entity references allow an attacker to submit specially crafted XML data that specifically references external resources, obtain sensitive information from local resources, or perform denial of service attacks. A remote attacker can exploit a vulnerability to gain sensitive information or perform a denial of service attack. Multiple Schneider Electric products are prone to an information-disclosure vulnerability. The following products are affected: Vijeo Citect 7.20 and prior CitectSCADA 7.20 and prior PowerLogic SCADA 7.20 and prior. Schneider Electric Vijeo Citect, CitectSCADA, and PowerLogic SCADA are software from Schneider Electric, France, that provide monitoring and control functions in supervisory control and data acquisition systems (SCADA)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0167",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "citectscada",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": "powerlogic scada",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": "vijeo citect",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": "powerlogic scada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "7.10"
      },
      {
        "model": "vijeo citect",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "7.10"
      },
      {
        "model": "citectscada",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "7.10"
      },
      {
        "model": "electric vijeo citect",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "schneider",
        "version": "7.20"
      },
      {
        "model": "electric citectscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "7.20"
      },
      {
        "model": "electric powerlogic scada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "7.20"
      },
      {
        "model": "powerlogic scada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": "vijeo citect",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": "citectscada",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "7.20"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "citectscada",
        "version": "7.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "citectscada",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "powerlogic scada",
        "version": "7.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "powerlogic scada",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vijeo citect",
        "version": "7.10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vijeo citect",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:schneider_electric:citectscada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:powerlogic_scada",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:schneider_electric:vijeo_citect",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Timur Yunusov, Alexey Osipov and Ilya Karpov of Positive Technologies",
    "sources": [
      {
        "db": "BID",
        "id": "61598"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-2796",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2013-2796",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CNVD-2013-11763",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "c95a4b10-2352-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-62798",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-2796",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-2796",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-11763",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-141",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "c95a4b10-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62798",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. Multiple Schneider Electric products have security vulnerabilities that allow attackers to exploit vulnerabilities to obtain sensitive information or to perform denial of service attacks. Vulnerability-related errors with XML external entity references allow an attacker to submit specially crafted XML data that specifically references external resources, obtain sensitive information from local resources, or perform denial of service attacks. A remote attacker can exploit a vulnerability to gain sensitive information or perform a denial of service attack. Multiple Schneider Electric products are prone to an information-disclosure vulnerability. \nThe following products are affected:\nVijeo Citect 7.20 and prior\nCitectSCADA 7.20 and prior\nPowerLogic SCADA 7.20 and prior. Schneider Electric Vijeo Citect, CitectSCADA, and PowerLogic SCADA are software from Schneider Electric, France, that provide monitoring and control functions in supervisory control and data acquisition systems (SCADA)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2796",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-13-217-02",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "61598",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141",
        "trust": 0.9
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2013-197-01",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "54422",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "C95A4B10-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "id": "VAR-201308-0167",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      }
    ],
    "trust": 1.671886442
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      }
    ]
  },
  "last_update_date": "2024-08-14T14:52:37.527000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/uk/"
      },
      {
        "title": "Patch Information - cs-HF720SP459363",
        "trust": 0.8,
        "url": "http://www.citect.schneider-electric.com/cs-HF720SP459363"
      },
      {
        "title": "\u30b5\u30dd\u30fc\u30c8",
        "trust": 0.8,
        "url": "http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page"
      },
      {
        "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/jp/"
      },
      {
        "title": "Schneider Electric patch for multiple product XML external entity vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/38074"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-217-02"
      },
      {
        "trust": 1.7,
        "url": "http://www.citect.schneider-electric.com/cs-hf720sp459363"
      },
      {
        "trust": 0.9,
        "url": "http://www.schneider-electric.com/download/ww/en/details/125349410-vulnerability-disclosure---citectscada-vijeo-citect-powerlogic-scada/?reference=sevd-2013-197-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2796"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2796"
      },
      {
        "trust": 0.6,
        "url": "http://download.schneider-electric.com/files?p_file_id=125349417\u0026p_file_name=sevd-2013-197-01.pdf"
      },
      {
        "trust": 0.6,
        "url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2013/07/20130716_advisory_of_vulnerability_affecting_vijeo_citect_citect_scada_and_powe.xml"
      },
      {
        "trust": 0.6,
        "url": "http://www.secunia.com/advisories/54422/"
      },
      {
        "trust": 0.3,
        "url": "http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/content/news/data/en/local/cybersecurity/general_information/2013/07/20130716_advi"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-08T00:00:00",
        "db": "IVD",
        "id": "c95a4b10-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "date": "2013-08-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "date": "2013-07-16T00:00:00",
        "db": "BID",
        "id": "61598"
      },
      {
        "date": "2013-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "date": "2013-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "date": "2013-08-09T23:55:02.537000",
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-11763"
      },
      {
        "date": "2013-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62798"
      },
      {
        "date": "2015-03-19T08:09:00",
        "db": "BID",
        "id": "61598"
      },
      {
        "date": "2013-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      },
      {
        "date": "2013-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      },
      {
        "date": "2013-08-12T20:21:04.173000",
        "db": "NVD",
        "id": "CVE-2013-2796"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "61598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Schneider Electric Vulnerability to read arbitrary files in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003715"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-141"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-2796

Vulnerability from cvelistv5

gsd-2013-2796

Vulnerability from gsd

ghsa-fxqp-5cfq-qj7q

Vulnerability from github

fkie_cve-2013-2796

Vulnerability from fkie_nvd

var-201308-0167

Vulnerability from variot

Tags

Sightings

Nomenclature