7 vulnerabilities by abus
VAR-201905-0061
Vulnerability from variot - Updated: 2023-12-18 14:00
Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. The ABUS Secvest FUAA50000 wireless alarm system contains cryptographic vulnerabilities. Information may be obtained and information may be altered. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUS Secvest FUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content that is not properly encrypted or is weakly encrypted, and in plaintext storage of sensitive information.
Advisory ID: SYSS-2019-005
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-03-15
Solution Date: -
Public Disclosure: 2019-05-02
CVE Reference: CVE-2019-9861
Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
The information stored on the used proximity keys can be read easily in
a very short time from distances up to 1 meter, depending on the used
RFID reader. A working cloned RFID token is ready for use within a
couple of seconds using freely available tools.
All three RFID cloning attacks are demonstrated in our SySS
proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack"
[6].
Solution:
SySS GmbH is not aware of a solution for this reported security vulnerability.
Disclosure Timeline:
2019-03-15: Vulnerability reported to manufacturer
2016-05-02: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] Product website for ABUS proximity chip key https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key
[3] MIFARE Classic Tool - MCT https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool
[4] GitHub repository of ChameleonMini https://github.com/emsec/ChameleonMini
[5] OBO Hands RFID/NFC Reader/Writer https://www.amazon.de/dp/B07DHL9XQ4/
[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack https://youtu.be/sPyXTQXTEcQ
[7] SySS Security Advisory SYSS-2019-005 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy https://www.syss.de/en/news/responsible-disclosure-policy/
Credits:
This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of SySS GmbH.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
E-Mail: gerhard.klostermeier (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7
Disclaimer:
The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS Web site.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless alarm system fuaa50000",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fuaa50000",
"scope": "eq",
"trust": 0.6,
"vendor": "abus",
"version": "3.01.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9861",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-15916",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-161296",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9861",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9861",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-15916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161296",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest FUAA50000 wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. ABUS Secvest FUAA50000 wireless alarm There are cryptographic vulnerabilities in the system.Information may be obtained and information may be altered. ABUSSecvestFUAA50000 is a wireless remote control from ABUS, Germany. An encryption issue vulnerability exists in ABUSSecvestFUAA50000 using firmware version 3.01.01. The vulnerability stems from the network system or product not using the relevant cryptographic algorithm correctly, resulting in content not being properly encrypted, weakly encrypted, and plaintext storage sensitive information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2019-005\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Cryptographic Issues (CWE-310)\nRisk Level: Medium\nSolution Status: Open\nManufacturer Notification: 2019-03-15\nSolution Date: -\nPublic Disclosure: 2019-05-02\nCVE Reference: CVE-2019-9861\nAuthors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\nThe information stored on the used proximity keys can be read easily in\na very short time from distances up to 1 meter, depending on the used\nRFID reader. A working cloned RFID token is ready for use within a\ncouple of seconds using freely available tools. \n\nAll three RFID cloning attacks are demonstrated in our SySS\nproof-of-concept video \"ABUS Secvest Proximity Key Cloning PoC Attack\"\n[6]. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-15: Vulnerability reported to manufacturer\n2016-05-02: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n\n[2] Product website for ABUS proximity chip key\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key\n\n[3] MIFARE Classic Tool - MCT\n https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool\n\n[4] GitHub repository of ChameleonMini\n https://github.com/emsec/ChameleonMini\n\n[5] OBO Hands RFID/NFC Reader/Writer\n https://www.amazon.de/dp/B07DHL9XQ4/\n\n[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC Attack\n https://youtu.be/sPyXTQXTEcQ\n\n[7] SySS Security Advisory SYSS-2019-005\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt\n\n[8] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Matthias Deeg and Gerhard\nKlostermeier of SySS GmbH. 
\n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\nE-Mail: gerhard.klostermeier (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc\nKey fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "PACKETSTORM",
"id": "152714"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9861",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152714",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-15916",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161296",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"id": "VAR-201905-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
}
]
},
"last_update_date": "2023-12-18T14:00:58.373000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://packetstormsecurity.com/files/152714/abus-secvest-3.01.01-cryptographic-issues.html"
},
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-005.txt"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/may/1"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/may/3"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9861"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9861"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.amazon.de/dp/b07dhl9xq4/"
},
{
"trust": 0.1,
"url": "https://github.com/emsec/chameleonmini"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/proximity-chip-key"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://youtu.be/spyxtqxtecq"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/pgpkeys/gerhard_klostermeier.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
},
{
"trust": 0.1,
"url": "https://play.google.com/store/apps/details?id=de.syss.mifareclassictool"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"db": "VULHUB",
"id": "VHN-161296"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"db": "PACKETSTORM",
"id": "152714"
},
{
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"date": "2019-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-161296"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"date": "2019-05-02T23:02:22",
"db": "PACKETSTORM",
"id": "152714"
},
{
"date": "2019-05-14T17:29:08.397000",
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"date": "2019-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-15916"
},
{
"date": "2019-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-161296"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004631"
},
{
"date": "2019-05-17T12:58:09.160000",
"db": "NVD",
"id": "CVE-2019-9861"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUAA50000 wireless alarm Cryptographic vulnerabilities in systems",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-099"
}
],
"trust": 0.6
}
}
VAR-201903-0070
Vulnerability from variot - Updated: 2023-12-18 13:56
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that commands sent by the remote control are not accepted anymore. ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 are both wireless remote controls from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 that originates from unencrypted signal communication and the use of a rolling code that is easily guessed. An attacker could exploit the vulnerability to cause a denial of service.
Advisory ID: SYSS-2018-036
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Denial of Service - Uncontrolled Resource Consumption (CWE-400)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9860
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system.
Some of the device features as described by the manufacturer are
(see [1]):
"
* User-friendly remote control with easily identifiable symbols
* Features ‘arm’, ‘disarm’ and ‘status query’ keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
system only)
* Optional manual panic alarm available (Secvest wireless alarm system
only)
* Encrypted signal transmission
* Rolling Code
Thanks to the rolling code process this product is protected against
so-called replay attacks. All controlling signals between this product
and the Secvest alarm panel are in individualised and thus, are not
able to be reproduced by third parties. This process is protected
from third party tampering, and exceeds the requirements of the
DIN EN 50131-1 level 2 security standard.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.
Based on Mr. Detert's PoC tool, SySS GmbH developed a Python tool for the RFCat-based radio dongle YARD Stick One (see [4]) for demonstrating this simple denial-of-service (DoS) attack against the ABUS Secvest wireless remote controls FUBE50014 and FUBE50015.
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue
2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015
2019-03-25: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless remote control
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[3] SySS Security Advisory SYSS-2018-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[4] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[5] SySS Security Advisory SYSS-2018-036
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt
[6] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless remote control fube50015",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50015",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50014",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50015",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9860",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-08179",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-161295",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-9860",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9860",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-08179",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-929",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-161295",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to unencrypted signal communication and predictability of rolling codes, an attacker can \"desynchronize\" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 are both wireless remote controls from ABUS, Germany. A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from program unencrypted signal communication and used a rolling code that was easily guessed. An attacker could exploit the vulnerability to cause a denial of service. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-036\nProduct: ABUS Secvest Remote Control (FUBE50014, FUBE50015)\nManufacturer: ABUS\nAffected Version(s): n/a\nTested Version(s): n/a\nVulnerability Type: Denial of Service - Uncontrolled Resource Consumption (CWE-400)\nRisk Level: Low\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9860\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for\nthe ABUS Secvest wireless alarm system. 
\n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* User-friendly remote control with easily identifiable symbols\n* Features \\x91arm\\x92, \\x91disarm\\x92 and \\x91status query\\x92 keys\n* 8 LEDs provide an overview and display current system status\n* Button for custom configuration available (Secvest wireless alarm\n system only)\n* Optional manual panic alarm available (Secvest wireless alarm system\n only)\n* Encrypted signal transmission\n* Rolling Code\n Thanks to the rolling code process this product is protected against\n so-called replay attacks. All controlling signals between this product\n and the Secvest alarm panel are in individualised and thus, are not\n able to be reproduced by third parties. This process is protected\n from third party tampering, and exceeds the requirements of the\n DIN EN 50131-1 level 2 security standard. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. \n\nBased on Mr. Detert\u0027s PoC tool, SySS GmbH developed a Python tool for\nthe RFCat-based radio dongle YARD Stick One (see [4]) for demonstrating\nthis simple denial-of-service (DoS) attack against the ABUS Secvest\nwireless remote controls FUBE50014 and FUBE50015. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n advisories were forwarded to the ABUS Security Center\n Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n going to give some feedback regarding the reported security\n issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless remote control\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2\n[2] SySS Security Advisory SYSS-2018-035\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[3] SySS Security Advisory SYSS-2018-034\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[4] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[5] SySS Security Advisory SYSS-2018-036\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-036.txt\n[6] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. 
\n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "PACKETSTORM",
"id": "152218"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-161295",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161295"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9860",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152218",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-08179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161295",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "PACKETSTORM",
"id": "152218"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"id": "VAR-201903-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
}
]
},
"last_update_date": "2023-12-18T13:56:47.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-332",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-036.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9860"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/152218/abus-secvest-remote-control-denial-of-service.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9860"
},
{
"trust": 0.6,
"url": "http://seclists.org/bugtraq/2019/mar/39"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-remote-control2"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "PACKETSTORM",
"id": "152218"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"db": "VULHUB",
"id": "VHN-161295"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"db": "PACKETSTORM",
"id": "152218"
},
{
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"date": "2019-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-161295"
},
{
"date": "2019-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"date": "2019-03-25T16:09:02",
"db": "PACKETSTORM",
"id": "152218"
},
{
"date": "2019-03-27T15:29:01.127000",
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08179"
},
{
"date": "2019-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-161295"
},
{
"date": "2019-05-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003056"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-9860"
},
{
"date": "2019-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "152218"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABUS In product PRNG Inadequate entropy vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003056"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-929"
}
],
"trust": 0.6
}
}
VAR-201903-0072
Vulnerability from variot - Updated: 2023-12-18 13:56
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. The ABUS Secvest wireless alarm system FUAA50000 and the remote controls FUBE50014 and FUBE50015 contain a cryptographic strength vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ABUS Secvest FUBE50014 is a wireless remote control from ABUS, a German company. There are security vulnerabilities in ABUS Secvest FUAA50000, FUBE50014, and FUBE50015.
Advisory ID: SYSS-2018-034
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Rolling Code - Predictable from Observable State (CWE-341)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9863
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes. Detert's PoC tool, a developed Python tool for the RFCat-based radio dongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a specially developed firmware.
Successful disarming attacks against an ABUS Secvest wireless alarm system are shown in our SySS proof-of-concept video "ABUS Secvest Rolling Code PoC Attack" [8].
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue
2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015
2019-03-25: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2016-117
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for Texas Instruments eZ430-Chronos
http://www.ti.com/tool/EZ430-CHRONOS
[5] SySS Security Advisory SYSS-2018-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[6] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[7] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[8] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack
https://youtu.be/pSdsMVn-7gM
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless remote control fube50015",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50015",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9863",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-161298",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9863",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9863",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-922",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-161298",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-9863",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. ABUS Secvest wireless alarm system FUAA50000 , remote control FUBE50014 , FUBE50015 Contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABUS Secvest FUBE50014 is a wireless remote control of ABUS company in Germany. There are security vulnerabilities in ABUS Secvest FUAA50000, FUBE50014, and FUB50015. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-034\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Rolling Code - Predictable from Observable State (CWE-341)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9863\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. Detert\u0027s PoC tool, a developed Python tool for the RFCat-based radio\ndongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a\nspecially developed firmware. 
\n\nSuccessful disarming attacks against an ABUS Secvest wireless alarm\nsystem are shown in our SySS proof-of-concept video \"ABUS Secvest\nRolling Code PoC Attack\" [8]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n advisories were forwarded to the ABUS Security Center\n Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n going to give some feedback regarding the reported security\n issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n[2] SySS Security Advisory SYSS-2016-117\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt\n[3] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[4] Product website for Texas Instruments eZ430-Chronos\n http://www.ti.com/tool/EZ430-CHRONOS\n[5] SySS Security Advisory SYSS-2018-034\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[6] SySS Security Advisory SYSS-2018-035\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[7] SySS GmbH, SySS Responsible Disclosure Policy\n 
https://www.syss.de/en/news/responsible-disclosure-policy/\n[8] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack\n https://youtu.be/pSdsMVn-7gM\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "PACKETSTORM",
"id": "152212"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-161298",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9863",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "152212",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-161298",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-9863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"id": "VAR-201903-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:56:47.386000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/eng"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.0
},
{
"problemtype": "CWE-326",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9863"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9863"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152212/abus-secvest-3.01.01-insecure-algorithm.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2019/mar/48"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2016-117.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
},
{
"trust": 0.1,
"url": "https://youtu.be/psdsmvn-7gm"
},
{
"trust": 0.1,
"url": "http://www.ti.com/tool/ez430-chronos"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-161298"
},
{
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-161298"
},
{
"date": "2019-03-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"date": "2019-03-25T15:37:12",
"db": "PACKETSTORM",
"id": "152212"
},
{
"date": "2019-03-27T14:29:02.127000",
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-161298"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-9863"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002902"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-9863"
},
{
"date": "2021-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "152212"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABUS Vulnerability related to cryptographic strength in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-922"
}
],
"trust": 0.6
}
}
VAR-201903-0071
Vulnerability from variot - Updated: 2023-12-18 13:52
An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because "encrypted signal transmission" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). A security vulnerability exists in ABUS Secvest FUBE50014 and ABUS Secvest FUBE50015 that originated from the program's unencrypted sensitive data. An attacker could exploit the vulnerability to obtain sensitive data from transmitted packets and analyze all packet formats and communication protocols.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Advisory ID: SYSS-2018-035
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9862
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system.
Some of the device features as described by the manufacturer are
(see [1]):
"
* User-friendly remote control with easily identifiable symbols
* Features ‘arm’, ‘disarm’ and ‘status query’ keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
system only)
* Optional manual panic alarm available (Secvest wireless alarm system
only)
* Encrypted signal transmission
* Rolling Code
Thanks to the rolling code process this product is protected against
so-called replay attacks. All controlling signals between this product
and the Secvest alarm panel are in individualised and thus, are not
able to be reproduced by third parties. This process is protected
from third party tampering, and exceeds the requirements of the
DIN EN 50131-1 level 2 security standard.
"
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows disarming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.
SySS GmbH could successfully perform a disarming attack against an ABUS Secvest wireless alarm system by exploiting the unencrypted signal transmission of the ABUS Secvest wireless remote controls FUBE50014 and FUBE50015 and the predictable rolling code implementation using either Mr. Detert's PoC tool, a developed Python tool for the RFCat-based radio dongle YARD Stick One (see [3]), or an eZ430-Chronos (see [4]) with a specially developed firmware.
Successful disarming attacks against an ABUS Secvest wireless alarm system are shown in our SySS proof-of-concept video "ABUS Secvest Rolling Code PoC Attack" [7].
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security advisories were forwarded to the ABUS Security Center Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are going to give some feedback regarding the reported security issue
2019-01-14: Updated information regarding remote control ABUS Secvest FUBE50015
2019-03-25: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless remote control
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] SySS Security Advisory SYSS-2018-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for Texas Instruments eZ430-Chronos
http://www.ti.com/tool/EZ430-CHRONOS
[5] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[6] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[7] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack
https://youtu.be/pSdsMVn-7gM
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest wireless remote control fube50015",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50014",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50015",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50014",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50015",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50014_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50014:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_remote_control_fube50015_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_remote_control_fube50015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
},
"cve": "CVE-2019-9862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-9862",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-08180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-161297",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9862",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9862",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-08180",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-927",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-161297",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because \"encrypted signal transmission\" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state). A security vulnerability exists in ABUSSecvestFUBE50014 and ABUSSecvestFUBE50015 that originated from the program\u0027s unencrypted sensitive data. An attacker could exploit the vulnerability to obtain sensitive data from transmitted packets and analyze all packet formats and communication protocols. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAdvisory ID: SYSS-2018-035\nProduct: ABUS Secvest Remote Control (FUBE50014, FUBE50015)\nManufacturer: ABUS\nAffected Version(s): n/a\nTested Version(s): n/a\nVulnerability Type: Missing Encryption of Sensitive Data (CWE-311)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2018-11-21\nSolution Date: -\nPublic Disclosure: 2019-03-25\nCVE Reference: CVE-2019-9862\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for\nthe ABUS Secvest wireless alarm system. \n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* User-friendly remote control with easily identifiable symbols\n* Features \\x91arm\\x92, \\x91disarm\\x92 and \\x91status query\\x92 keys\n* 8 LEDs provide an overview and display current system status\n* Button for custom configuration available (Secvest wireless alarm\n system only)\n* Optional manual panic alarm available (Secvest wireless alarm system\n only)\n* Encrypted signal transmission\n* Rolling Code\n Thanks to the rolling code process this product is protected against\n so-called replay attacks. 
All controlling signals between this product\n and the Secvest alarm panel are in individualised and thus, are not\n able to be reproduced by third parties. This process is protected\n from third party tampering, and exceeds the requirements of the\n DIN EN 50131-1 level 2 security standard. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows disarming the alarm system in an unauthorized\nway. He provided his tool including documentation and source to SySS\nGmbH for responsible disclosure purposes. \n\nSySS GmbH could successfully perform a disarming attack against an ABUS\nSecvest wireless alarm system by exploiting the unencrypted signal\ntransmission of the ABUS Secvest wireless remote controls FUBE50014 and\nFUBE50015 and the predictable rolling code implementation using either\nMr. Detert\u0027s PoC tool, a developed Python tool for the RFCat-based radio\ndongle YARD Stick One (see [3]), or a eZ430-Chronos (see [4]) with a\nspecially developed firmware. \n\nSuccessful disarming attacks against an ABUS Secvest wireless alarm\nsystem are shown in our SySS proof-of-concept video \"ABUS Secvest\nRolling Code PoC Attack\" [7]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2018-11-21: Vulnerability reported to manufacturer\n2018-11-28: Vulnerability reported to manufacturer once more\n2018-12-12: E-mail to ABUS support asking if they are going to give\n some feedback regarding the reported security issue\n2018-12-12: Phone call with ABUS support, the reported security\n advisories were forwarded to the ABUS Security Center\n Support\n2018-12-12: E-mail to ABUS Security Center Support asking if they are\n going to give some feedback regarding the reported security\n issue\n2019-01-14: Updated information regarding remote control ABUS Secvest\n FUBE50015\n2019-03-25: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless remote control\n https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2\n[2] SySS Security Advisory SYSS-2018-034\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt\n[3] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[4] Product website for Texas Instruments eZ430-Chronos\n http://www.ti.com/tool/EZ430-CHRONOS\n[5] SySS Security Advisory SYSS-2018-035\n https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[6] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n[7] SySS Proof-of-Concept Video: ABUS Secvest Rolling Code PoC Attack\n https://youtu.be/pSdsMVn-7gM\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. 
\n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "PACKETSTORM",
"id": "152217"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-161297",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161297"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9862",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "152217",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-08180",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-161297",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"id": "VAR-201903-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
}
]
},
"last_update_date": "2023-12-18T13:52:24.566000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/eng"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9862"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/152217/abus-secvest-remote-control-eavesdropping-issue.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9862"
},
{
"trust": 0.6,
"url": "http://seclists.org/bugtraq/2019/mar/38"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-remote-control2"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-034.txt"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://youtu.be/psdsmvn-7gm"
},
{
"trust": 0.1,
"url": "http://www.ti.com/tool/ez430-chronos"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"db": "VULHUB",
"id": "VHN-161297"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"db": "PACKETSTORM",
"id": "152217"
},
{
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"date": "2019-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-161297"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"date": "2019-03-25T16:07:03",
"db": "PACKETSTORM",
"id": "152217"
},
{
"date": "2019-03-27T14:29:02.097000",
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"date": "2019-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-08180"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-161297"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002901"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-9862"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ABUS Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002901"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-927"
}
],
"trust": 0.6
}
}
VAR-202006-0224
Vulnerability from variot - Updated: 2023-12-18 13:01
The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. The ABUS Secvest FUBE50001 device contains a vulnerability related to information leakage. Information may be obtained and tampered with. ABUS Secvest FUBE50001 is a wireless control unit from the German company ABUS.
There is a security loophole in the wireless communication function of the ABUS Secvest FUBE50001 device, which is caused by the program not encrypting sensitive data.
Advisory ID: SYSS-2020-014
Product: ABUS Secvest Wireless Control Device (FUBE50001)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-06-17
CVE Reference: CVE-2020-14157
Authors of Advisory: Michael Rüttgers, Thomas Detert, Matthias Deeg (SySS GmbH)
Overview:
ABUS Secvest Wireless Control Device (FUBE50001) is a wireless control
panel for the ABUS Secvest wireless alarm system.
Some of the device features as described by the manufacturer are
(see [1]):
"
* Easy operation via code or proximity keyfob
The Secvest wireless control panel is an optional Secvest accessory.
Every wireless control panel can be operated from your system via PIN
code. It is possible to arm and disarm the panel via proximity keyfob.
* Flexible use in entrance areas
Up to 8 control panels can be integrated into the alarm system. These
additional modules can be placed in various areas of the building.
This provides added convenience for you, because Secvest can be armed
and disarmed directly on the wireless control panel, without the need
to go back to the central alarm panel every time.
In addition to internal arming or arming individual sub-areas, you can
also switch a single output, such as the garage door, if desired.
* Secure wireless communication
Thanks to a secure wireless communication procedure, this product is
protected against ‘replay attacks’, as are the Secvest wireless alarm
system and Secvest Touch alarm systems. This procedure for preventing
third-party tampering exceeds the requirements of the “DIN EN 50131-1
level 2” security standard.
Thus, an attacker observing radio signals of an ABUS FUBE50001
wireless control panel is able to see all sensitive data of transmitted
packets as cleartext and can analyze the used packet format and the
communication protocol.
By knowing the correct PIN code or the ID of a valid ABUS Secvest
proximity chip key, an attacker is able to disarm the wireless alarm
system in an unauthorized way.
Proof of Concept (PoC):
Michael Rüttgers, Thomas Detert, and Matthias Deeg developed different PoC software tools, either for the RFCat-based radio dongle YARD Stick One [3] in one version, or the GreatFet One neighbor Erica [4] in another one, that allowed sniffing out used PIN codes or used proximity chip key IDs when eavesdropping on the FUBE50001 wireless communication.
The following output exemplarily shows a successful PIN code sniffing attack:
$ python2 abus_fube50001_pin_sniffer.py
ABUS Secvest FUBE50001 PIN Code Sniffer PoC - SySS GmbH (c) 2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f333333333117162f5
[*] Decoded packet : da0a077ed5c549888800626b
[*] Received packet:
f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaaccccd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaa
[*] Decoded packet : da86937707e4884040a0c8ecff005e1fb9
[*] Detected FUBE50001 packet with FUBE50001 PIN
[+] Sniffed PIN code: 1337
(...)
An example of a successful sniffing attack regarding the ID of an ABUS proximity chip key is illustrated in the following output:
$ python2 abus_fube50001_chip_key_id_sniffer.py
ABUS Secvest FUBE50001 Proximity Chip Key ID Sniffer PoC - SySS GmbH (c) 2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4b332b2cad52accd554d34cb32cccd33332b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567
[*] Decoded packet: da81937707e488404018b9165b475f3c46
[*] Detected FUBE50001 packet with proximity token ID
[+] Sniffed proximity chip key ID: 3805964445
(...)
The described sniffing attacks are also demonstrated in the SySS Proof-of-Concept Video titled "ABUS Secvest Sniffing Attack" which is available on the SySS YouTube Channel [8].
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2020-04-03: Vulnerability reported to manufacturer
2020-06-17: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless control device
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Control-Device
[2] SySS Security Advisory SYSS-2018-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] GreatFET One neighbor Erica targeting the 315/433/868/915 MHz
frequency bands
https://github.com/AsFaBw/erica
[5] GreatFET wiki
https://github.com/greatscottgadgets/greatfet/wiki
[6] SySS Security Advisory SYSS-2020-014
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt
[7] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[8] SySS Proof of Concept Video: ABUS Secvest Sniffing Attack
https://www.youtube.com/watch?v=kCqAVYyahLc
Credits:
This security vulnerability was found by Michael Rüttgers and Thomas Detert.
Mr. Rüttgers and Mr. Detert reported this finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless control fube50001",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": null
},
{
"model": "secvest wireless remote control fube50001",
"scope": null,
"trust": 0.8,
"vendor": "abus",
"version": null
},
{
"model": "secvest fube50001",
"scope": null,
"trust": 0.6,
"vendor": "abus",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_control_fube50001_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_control_fube50001:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14157"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomas Detert, Michael Ruttgers",
"sources": [
{
"db": "PACKETSTORM",
"id": "158204"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
],
"trust": 0.7
},
"cve": "CVE-2020-14157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006935",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-20276",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006935",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14157",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-006935",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-20276",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1196",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system. ABUS Secvest FUBE50001 The device contains a vulnerability related to information leakage.Information may be obtained and tampered with. ABUS Secvest FUBE50001 is a wireless control unit of German ABUS company. \n\r\n\r\nThere is a security loophole in the wireless communication function of the ABUS Secvest FUBE50001 device, which is caused by the program not encrypting sensitive data. Advisory ID: SYSS-2020-014\nProduct: ABUS Secvest Wireless Control Device (FUBE50001)\nManufacturer: ABUS\nAffected Version(s): N/A\nTested Version(s): N/A\nVulnerability Type: Missing Encryption of Sensitive Data (CWE-311)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2020-04-03\nSolution Date: -\nPublic Disclosure: 2020-06-17\nCVE Reference: CVE-2020-14157\nAuthors of Advisory: Michael R\u00fcttgers, Thomas Detert,\n Matthias Deeg (SySS GmbH)\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest Wireless Control Device (FUBE50001) is a wireless control\npanel for the ABUS Secvest wireless alarm system. \n\nSome of the device features as described by the manufacturer are\n(see [1]):\n\n\"\n* Easy operation via code or proximity keyfob\n The Secvest wireless control panel is an optional Secvest accessory. \n Every wireless control panel can be operated from your system via PIN\n code. It is possible to arm and disarm the panel via proximity keyfob. \n\n* Flexible use in entrance areas\n Up to 8 control panels can be integrated into the alarm system. These\n additional modules can be placed in various areas of the building. 
\n This provides added convenience for you, because Secvest can be armed\n and disarmed directly on the wireless control panel, without the need\n to go back to the central alarm panel every time. \n In addition to internal arming or arming individual sub-areas, you can\n also switch a single output, such as the garage door, if desired. \n\n* Secure wireless communication\n Thanks to a secure wireless communication procedure, this product is\n protected against \u2018replay attacks\u2019, as are the Secvest wireless alarm\n system and Secvest Touch alarm systems. This procedure for preventing\n third-party tampering exceeds the requirements of the \u201cDIN EN 50131-1\n level 2\u201d security standard. \n\nThus, an attacker observing radio signals of an ABUS FUBE50001\nwireless control panel is able to see all sensitive data of transmitted\npackets as cleartext and can analyze the used packet format and the\ncommunication protocol. \n\nBy knowing the correct PIN code or the ID of a valid ABUS Secvest\nproximity chip key, an attacker is able to disarm the wireless alarm\nsystem in an unauthorized way. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nMichael R\u00fcttgers, Thomas Detert, and Matthias Deeg developed different\nPoC software tools, either for the RFCat-based radio dongle YARD Stick\nOne [3] in one version, or the GreatFet One neighbor Erica [4] in another\none, that allowed sniffing out used PIN codes or used proximity chip key\nIDs when eavesdropping on the FUBE50001 wireless communication. \n\nThe following output exemplarily shows a successful PIN code sniffing\nattack:\n\n$ python2 abus_fube50001_pin_sniffer.py\nABUS Secvest FUBE50001 PIN Code Sniffer PoC - SySS GmbH (c) 2020\nby Thomas Detert, Michael R\u00fcttgers, and Matthias Deeg\n---\n[*] Listening for ABUS FUBE50001 packets ... 
\n[*] Received packet:\nf0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb333332b34d4b530f0f0f333333333117162f5\n[*] Decoded packet : da0a077ed5c549888800626b\n[*] Received packet:\nf0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaaccccd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acaaaa\n[*] Decoded packet : da86937707e4884040a0c8ecff005e1fb9\n[*] Detected FUBE50001 packet with FUBE50001 PIN\n[+] Sniffed PIN code: 1337\n(...)\n\nAn example of a successful sniffing attack regarding the ID of an ABUS\nproximity chip key is illustrated in the following output:\n\n$ python2 abus_fube50001_chip_key_id_sniffer.py\nABUS Secvest FUBE50001 Proximity Chip Key ID Sniffer PoC - SySS GmbH (c)\n2020\nby Thomas Detert, Michael R\u00fcttgers, and Matthias Deeg\n---\n[*] Listening for ABUS FUBE50001 packets ... \n[*] Received packet:\nf0f352b4b332b2cad52accd554d34cb32cccd33332b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567\n[*] Decoded packet: da81937707e488404018b9165b475f3c46\n[*] Detected FUBE50001 packet with proximity token ID\n[+] Sniffed proximity chip key ID: 3805964445\n(...)\n\n\nThe described sniffing attacks are also demonstrated in the SySS\nProof-of-Concept Video titled \"ABUS Secvest Sniffing Attack\" which is\navailable on the SySS YouTube Channel [8]. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2020-04-03: Vulnerability reported to manufacturer\n2020-06-17: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless control device\n\nhttps://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Control-Device\n[2] SySS Security Advisory SYSS-2018-035\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt\n[3] Product website YARD Stick One\n https://greatscottgadgets.com/yardstickone/\n[4] GreatFET One neighbor Erica targeting the 315/433/868/915 MHz\nfreqency bands\n https://github.com/AsFaBw/erica\n[5] GreatFET wiki\n https://github.com/greatscottgadgets/greatfet/wiki\n[6] SySS Security Advisory SYSS-2020-014\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-014.txt\n[7] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n[8] SySS Proof of Concept Video: ABUS Secvest Sniffing Attack\n https://www.youtube.com/watch?v=kCqAVYyahLc\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Michael R\u00fcttgers and Thomas\nDetert. \n\nMr. R\u00fcttgers and Mr. Detert reported this finding to SySS GmbH where it\nwas verified and later reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key:\nhttps://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. 
Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS website. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "PACKETSTORM",
"id": "158204"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-14157",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "158204",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-20276",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47348",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "PACKETSTORM",
"id": "158204"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"id": "VAR-202006-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
}
]
},
"last_update_date": "2023-12-18T13:01:44.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/eng"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2020-014.txt"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/158204/abus-secvest-wireless-control-device-missing-encryption.html"
},
{
"trust": 1.7,
"url": "https://www.youtube.com/watch?v=kcqavyyahlc"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/jun/26"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14157"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14157"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47348"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2018-035.txt"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/control-devices-and-extensions/secvest-wireless-control-device"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://github.com/asfabw/erica"
},
{
"trust": 0.1,
"url": "https://github.com/greatscottgadgets/greatfet/wiki"
},
{
"trust": 0.1,
"url": "https://greatscottgadgets.com/yardstickone/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "PACKETSTORM",
"id": "158204"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"db": "PACKETSTORM",
"id": "158204"
},
{
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"date": "2020-06-23T21:28:06",
"db": "PACKETSTORM",
"id": "158204"
},
{
"date": "2020-06-17T20:15:10.057000",
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"date": "2020-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"date": "2020-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006935"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-14157"
},
{
"date": "2020-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUBE50001 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-20276"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1196"
}
],
"trust": 0.6
}
}
VAR-201909-1013
Vulnerability from variot - Updated: 2023-12-18 12:43
An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. The ABUS Secvest FUAA50000 device contains cryptographic vulnerabilities. Information may be tampered with. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUAA50000. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
Advisory ID: SYSS-2019-004
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Message Transmission - Unchecked Error Condition (CWE-391)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-02
Solution Date: -
Public Disclosure: 2019-07-26
CVE Reference: CVE-2019-14261
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert
Overview:
ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.
Proof of Concept (PoC):
Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz transceiver that allows suppressing arming the alarm system in an unauthorized way. He provided his tool including documentation and source to SySS GmbH for responsible disclosure purposes.
Solution:
SySS GmbH is not aware of a solution for this reported security
vulnerability.
Disclosure Timeline:
2019-03-02: Vulnerability reported to manufacturer
2019-07-26: Public release of security advisory
References:
[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2019-004
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
Credits:
This security vulnerability was found by Thomas Detert.
Mr. Detert reported his finding to SySS GmbH where it was verified and later reported to the manufacturer by Matthias Deeg.
E-Mail: matthias.deeg (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB
Disclaimer:
The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.
Copyright:
Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-1013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.8,
"vendor": "abus",
"version": "3.01.01"
},
{
"model": "secvest fuaa50000",
"scope": "eq",
"trust": 0.6,
"vendor": "abus",
"version": "v3.01.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Deeg",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.6
},
"cve": "CVE-2019-14261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-14261",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-29126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-146190",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-14261",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14261",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-29126",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-146190",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due to an insufficient implementation of jamming detection, an attacker is able to suppress correctly received RF messages sent between wireless peripheral components, e.g., wireless detectors or remote controls, and the ABUS Secvest alarm central. An attacker is able to perform a \"reactive jamming\" attack. The reactive jamming simply detects the start of a RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. Thereby, the receiver (alarm central) is not able to properly decode the original transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. ABUS Secvest FUAA50000 The device contains cryptographic vulnerabilities.Information may be tampered with. ABUS Secvest FUAA50000 is a wireless remote control from ABUS, Germany. A security vulnerability exists in ABUS Secvest FUAA50000. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Advisory ID: SYSS-2019-004\nProduct: ABUS Secvest (FUAA50000)\nManufacturer: ABUS\nAffected Version(s): v3.01.01\nTested Version(s): v3.01.01\nVulnerability Type: Message Transmission - Unchecked Error Condition\n(CWE-391)\nRisk Level: High\nSolution Status: Open\nManufacturer Notification: 2019-03-02\nSolution Date: -\nPublic Disclosure: 2019-07-26\nCVE Reference: CVE-2019-14261\nAuthors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nOverview:\n\nABUS Secvest (FUAA50000) is a wireless alarm system with different\nfeatures. 
\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nProof of Concept (PoC):\n\nThomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz\ntransceiver that allows suppressing arming the alarm system in an\nunauthorized way. He provided his tool including documentation and\nsource to SySS GmbH for responsible disclosure purposes. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSolution:\n\nSySS GmbH is not aware of a solution for this reported security\nvulnerability. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclosure Timeline:\n\n2019-03-02: Vulnerability reported to manufacturer\n2019-07-26: Public release of security advisory\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nReferences:\n\n[1] Product website for ABUS Secvest wireless alarm system\n\nhttps://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System\n[2] SySS Security Advisory SYSS-2019-004\n\nhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt\n[3] SySS GmbH, SySS Responsible Disclosure Policy\n https://www.syss.de/en/news/responsible-disclosure-policy/\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCredits:\n\nThis security vulnerability was found by Thomas Detert. \n\nMr. Detert reported his finding to SySS GmbH where it was verified and\nlater reported to the manufacturer by Matthias Deeg. \n\nE-Mail: matthias.deeg (at) syss.de\nPublic Key:\nhttps://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc\nKey fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nDisclaimer:\n\nThe information provided in this security advisory is provided \"as is\"\nand without warranty of any kind. 
Details of this security advisory may\nbe updated in order to provide as accurate information as possible. The\nlatest version of this security advisory is available on the SySS Web\nsite. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nCopyright:\n\nCreative Commons - Attribution (by) - Version 3.0\nURL: http://creativecommons.org/licenses/by/3.0/deed.en\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "PACKETSTORM",
"id": "153780"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14261",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "153780",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-29126",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-146190",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"id": "VAR-201909-1013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
}
]
},
"last_update_date": "2023-12-18T12:43:17.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.abus.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.syss.de/fileadmin/dokumente/publikationen/advisories/syss-2019-004.txt"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/jul/52"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/jul/30"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/153780/abus-secvest-3.01.01-unchecked-message-transmission-error-condition.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14261"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14261"
},
{
"trust": 0.6,
"url": "http://seclists.org/fulldisclosure/2019/jul/36"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/deed.en"
},
{
"trust": 0.1,
"url": "https://www.syss.de/en/news/responsible-disclosure-policy/"
},
{
"trust": 0.1,
"url": "https://www.syss.de/fileadmin/dokumente/materialien/pgpkeys/matthias_deeg.asc"
},
{
"trust": 0.1,
"url": "https://www.abus.com/eng/home-security/alarm-systems/secvest-wireless-alarm-system/alarm-panels-and-kits/secvest-wireless-alarm-system"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"db": "VULHUB",
"id": "VHN-146190"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"date": "2019-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-146190"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"date": "2019-07-27T17:38:08",
"db": "PACKETSTORM",
"id": "153780"
},
{
"date": "2019-09-03T18:15:12.327000",
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"date": "2019-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-29126"
},
{
"date": "2019-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-146190"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008882"
},
{
"date": "2019-09-05T20:37:22.630000",
"db": "NVD",
"id": "CVE-2019-14261"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "153780"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUAA50000 Cryptographic vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008882"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1412"
}
],
"trust": 0.6
}
}
VAR-202104-0194
Vulnerability from variot - Updated: 2023-12-18 11:49
The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system. ABUS Secvest FUAA50000 is a wireless remote control made by ABUS in Germany.
ABUS Secvest FUAA50000 version 3.01.17 has an information disclosure vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0194",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secvest wireless alarm system fuaa50000",
"scope": "eq",
"trust": 1.0,
"vendor": "abus",
"version": "3.01.17"
},
{
"model": "secvest fuaa50000",
"scope": "eq",
"trust": 0.6,
"vendor": "abus",
"version": "3.01.17"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "NVD",
"id": "CVE-2020-28973"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abus:secvest_wireless_alarm_system_fuaa50000_firmware:3.01.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abus:secvest_wireless_alarm_system_fuaa50000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28973"
}
]
},
"cve": "CVE-2020-28973",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-36600",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-28973",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-28973",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-36600",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1598",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-28973",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requests to its built-in HTTPS interface. Someone can use this vulnerability to obtain sensitive information from the system, such as usernames and passwords. This information can then be used to reconfigure or disable the alarm system. ABUS Secvest FUAA50000 is a wireless remote control made by ABUS in Germany. \n\r\n\r\nABUS Secvest FUAA50000 version 3.01.17 has an information disclosure vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2020-28973"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28973",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2021-36600",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042601",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-28973",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"id": "VAR-202104-0194",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
}
]
},
"last_update_date": "2023-12-18T11:49:48.515000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for ABUS Secvest FUAA50000 Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/266756"
},
{
"title": "ABUS Secvest FUAA50000 Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=148732"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28973"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://eye.security/en/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28973"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042601"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"date": "2021-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"date": "2021-04-21T19:15:35.783000",
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"date": "2021-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-28973"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2020-28973"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABUS Secvest FUAA50000 Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-36600"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1598"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}