Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by envirosys
VAR-201605-0350
Vulnerability from variot - Updated: 2023-12-18 12:20Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. ESC 8832 is a web-based SCADA system from ESC Corporation of the United States. A security vulnerability exists in ESC 8832 3.02 and earlier. A remote attacker can exploit the vulnerability to gain unauthorized access by performing a brute force attack on the parameters. An authentication-bypass vulnerability 2. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0350",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esc 8832 data controller",
"scope": "lte",
"trust": 1.0,
"vendor": "envirosys",
"version": "3.02"
},
{
"model": "esc 8832 data controller",
"scope": "lte",
"trust": 0.8,
"vendor": "environmental",
"version": "3.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "esc",
"version": "8832\u003c=3.02"
},
{
"model": "esc 8832 data controller",
"scope": "eq",
"trust": 0.6,
"vendor": "envirosys",
"version": "3.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "esc 8832 data controller",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envirosys:esc_8832_data_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4502"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp and Balazs Makany.",
"sources": [
{
"db": "BID",
"id": "90898"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4502",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4502",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03674",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93321",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4502",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4502",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-03674",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-650",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93321",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "VULHUB",
"id": "VHN-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. ESC 8832 is a web-based SCADA system from ESC Corporation of the United States. A security vulnerability exists in ESC 8832 3.02 and earlier. A remote attacker can exploit the vulnerability to gain unauthorized access by performing a brute force attack on the parameters. An authentication-bypass vulnerability\n2. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "VULHUB",
"id": "VHN-93321"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4502",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-147-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03674",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965",
"trust": 0.8
},
{
"db": "BID",
"id": "90898",
"trust": 0.3
},
{
"db": "IVD",
"id": "6F4179F1-04F9-4DC5-92A9-0335FEB0B688",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-91729",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-91722",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-93321",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "VULHUB",
"id": "VHN-93321"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"id": "VAR-201605-0350",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "VULHUB",
"id": "VHN-93321"
}
],
"trust": 0.09
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
}
]
},
"last_update_date": "2023-12-18T12:20:30.596000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.envirosys.com/"
},
{
"title": "46416\uff1aEnvironmental Systems Corporation Data Controller Privilege Management Vulnerability",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=46416"
},
{
"title": "ESC 8832 is not authorized to access vulnerable patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76666"
},
{
"title": "ESC 8832 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61960"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-147-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4502"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4502"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "VULHUB",
"id": "VHN-93321"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"db": "VULHUB",
"id": "VHN-93321"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-30T00:00:00",
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"date": "2016-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93321"
},
{
"date": "2016-05-26T00:00:00",
"db": "BID",
"id": "90898"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"date": "2016-05-31T01:59:09.243000",
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"date": "2016-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03674"
},
{
"date": "2016-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-93321"
},
{
"date": "2016-05-26T00:00:00",
"db": "BID",
"id": "90898"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002965"
},
{
"date": "2016-06-07T14:25:30.227000",
"db": "NVD",
"id": "CVE-2016-4502"
},
{
"date": "2016-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ESC 8832 Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "6f4179f1-04f9-4dc5-92a9-0335feb0b688"
},
{
"db": "CNVD",
"id": "CNVD-2016-03674"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-650"
}
],
"trust": 0.6
}
}
VAR-201605-0349
Vulnerability from variot - Updated: 2023-12-18 12:20Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party may bypass authentication and change any settings. ESC 8832 is a web-based SCADA system from ESC Corporation of the United States. A security vulnerability exists in ESC 8832 3.02 and earlier. A remote attacker could exploit the vulnerability to unauthorizedly change the configuration. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability An attacker can exploit these issues to bypass the authentication mechanism and to gain elevated privileges on an affected application. This may aid in further attacks. The vulnerability is caused by the program not handling sessions correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0349",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "esc 8832 data controller",
"scope": "lte",
"trust": 1.0,
"vendor": "envirosys",
"version": "3.02"
},
{
"model": "esc 8832 data controller",
"scope": "lte",
"trust": 0.8,
"vendor": "environmental",
"version": "3.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "esc",
"version": "8832\u003c=3.02"
},
{
"model": "esc 8832 data controller",
"scope": "eq",
"trust": 0.6,
"vendor": "envirosys",
"version": "3.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "esc 8832 data controller",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envirosys:esc_8832_data_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp and Balazs Makany.",
"sources": [
{
"db": "BID",
"id": "90898"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4501",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03675",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93320",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4501",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4501",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-03675",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-649",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93320",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "VULHUB",
"id": "VHN-93320"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlA third party may bypass authentication and change any settings. ESC 8832 is a web-based SCADA system from ESC Corporation of the United States. A security vulnerability exists in ESC 8832 3.02 and earlier. A remote attacker could exploit the vulnerability to unauthorizedly change the configuration. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\nAn attacker can exploit these issues to bypass the authentication mechanism and to gain elevated privileges on an affected application. This may aid in further attacks. The vulnerability is caused by the program not handling sessions correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "VULHUB",
"id": "VHN-93320"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4501",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-147-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03675",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964",
"trust": 0.8
},
{
"db": "BID",
"id": "90898",
"trust": 0.3
},
{
"db": "IVD",
"id": "4D3CC405-6675-4E6B-801B-53CCA2AD5808",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93320",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "VULHUB",
"id": "VHN-93320"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"id": "VAR-201605-0349",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "VULHUB",
"id": "VHN-93320"
}
],
"trust": 0.09
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
}
]
},
"last_update_date": "2023-12-18T12:20:30.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.envirosys.com/"
},
{
"title": "46415\uff1aEnvironmental Systems Corporation Data Controller Authentication Bypass Vulnerability",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=46415"
},
{
"title": "ESC 8832 is not authorized to patch vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76665"
},
{
"title": "ESC 8832 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61959"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93320"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-147-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4501"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4501"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "VULHUB",
"id": "VHN-93320"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"db": "VULHUB",
"id": "VHN-93320"
},
{
"db": "BID",
"id": "90898"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-30T00:00:00",
"db": "IVD",
"id": "4d3cc405-6675-4e6b-801b-53cca2ad5808"
},
{
"date": "2016-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93320"
},
{
"date": "2016-05-26T00:00:00",
"db": "BID",
"id": "90898"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"date": "2016-05-31T01:59:08.337000",
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"date": "2016-05-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03675"
},
{
"date": "2016-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-93320"
},
{
"date": "2016-05-26T00:00:00",
"db": "BID",
"id": "90898"
},
{
"date": "2016-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002964"
},
{
"date": "2016-06-07T14:23:30.477000",
"db": "NVD",
"id": "CVE-2016-4501"
},
{
"date": "2016-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Environmental Systems Corporation 8832 Data Controller Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002964"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-649"
}
],
"trust": 0.6
}
}
CVE-2016-4502 (GCVE-0-2016-4502)
Vulnerability from nvd – Published: 2016-05-31 01:00 – Updated: 2024-08-06 00:32- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-31T01:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4502",
"datePublished": "2016-05-31T01:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4501 (GCVE-0-2016-4501)
Vulnerability from nvd – Published: 2016-05-31 01:00 – Updated: 2024-08-06 00:32- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-31T01:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4501",
"datePublished": "2016-05-31T01:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4501 (GCVE-0-2016-4501)
Vulnerability from cvelistv5 – Published: 2016-05-31 01:00 – Updated: 2024-08-06 00:32- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-31T01:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4501",
"datePublished": "2016-05-31T01:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4502 (GCVE-0-2016-4502)
Vulnerability from cvelistv5 – Published: 2016-05-31 01:00 – Updated: 2024-08-06 00:32- n/a
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-31T01:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier allows remote attackers to bypass intended access restrictions and execute arbitrary functions via a modified parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-147-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-4502",
"datePublished": "2016-05-31T01:00:00.000Z",
"dateReserved": "2016-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}