Vulnerability-Lookup

CVE-2017-9947 (GCVE-0-2017-9947)

Vulnerability from cvelistv5 – Published: 2017-10-23 00:00 – Updated: 2024-08-05 17:25

Summary

Severity

No CVSS data available.

CWE

CWE-538 - File and Directory Information Exposure

Assigner

siemens

References

4 references

URL	Tags
http://www.securityfocus.com/bid/101248	vdb-entry
https://www.siemens.com/cert/pool/cert/siemens_se…
https://cert-portal.siemens.com/productcert/pdf/s…
http://packetstormsecurity.com/files/169544/Sieme…

Impacted products

1 product

Vendor	Product	Version
n/a	APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5	Affected: APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5

Date Public

2017-10-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101248",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101248"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5"
            }
          ]
        }
      ],
      "datePublic": "2017-10-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538: File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "101248",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/101248"
        },
        {
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9947",
    "datePublished": "2017-10-23T00:00:00.000Z",
    "dateReserved": "2017-06-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:25:00.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-9947",
      "date": "2026-05-30",
      "epss": "0.08458",
      "percentile": "0.92481"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"2449F533-CA42-44D4-B69E-B7B9F3A4EAD9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"23756E05-4AD6-4888-AC07-C8E906CA5722\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"AB1AF7BE-295B-4386-81F3-B08A1E15DD5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\\u00c3\\u00ada permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\\u00c3\\u00b3n de la estructura del sistema de archivos de los dispositivos afectados.\"}]",
      "id": "CVE-2017-9947",
      "lastModified": "2024-11-21T03:37:13.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-23T08:29:00.867",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101248\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101248\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-538\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9947\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-10-23T08:29:00.867\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\u00c3\u00ada permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\u00c3\u00b3n de la estructura del sistema de archivos de los dispositivos afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-538\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"2449F533-CA42-44D4-B69E-B7B9F3A4EAD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"23756E05-4AD6-4888-AC07-C8E906CA5722\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"AB1AF7BE-295B-4386-81F3-B08A1E15DD5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101248\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]}]}}"
  }
}

VAR-201710-1428

Vulnerability from variot - Updated: 2023-12-18 12:57

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. BACnet (Building Automation Control Network) is a data communication protocol for building automation and control networks. A directory traversal vulnerability exists in Siemens BACnet Field Panels. Multiple Siemens Products are prone to an authentication-bypass and directory-traversal vulnerabilities. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1428",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apogee pxc modular",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc compact",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc modular",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc bacnet automation controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v3.5"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v3.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "apogee pxc bacnet automation controller",
        "version": "*"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.4"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.4"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.5"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RoseSecurity reported the vulnerabilities for APOGEE PXC Series (P2 Ethernet) devices to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-9947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9947",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-29972",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-9947",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9947",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-29972",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-1050",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-9947",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. BACnet (Building Automation Control Network) is a data communication protocol for building automation and control networks. A directory traversal vulnerability exists in Siemens BACnet Field Panels. Multiple Siemens Products are prone to an authentication-bypass and directory-traversal vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-285-05",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "101248",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-148078",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169544",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "5201F8EE-49EE-4F5D-9584-CEC33A2A5DE7",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "id": "VAR-201710-1428",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ],
    "trust": 1.4638889000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:11.344000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-148078",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
      },
      {
        "title": "Siemens BACnet Field Panels Directory Traversal Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/103553"
      },
      {
        "title": "Siemens APOGEE PXC BACnet Automation Controller  and Siemens TALON TC BACnet Automation Controller Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=75922"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/rosesecurity/apologee "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/101248"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-05"
      },
      {
        "trust": 1.7,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/169544/siemens-apogee-pxc-talon-tc-authentication-bypass.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9947"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9947"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-285-05"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rosesecurity/apologee"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-17-285-05"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101248"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "date": "2017-10-23T08:29:00.867000",
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "date": "2022-06-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101248"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "date": "2023-05-09T16:27:57.397000",
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2022-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens BACnet Field Panels Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.8
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9947 (GCVE-0-2017-9947)

VAR-201710-1428

Tags

Sightings

Nomenclature