cnvd-2015-07289
Vulnerability from cnvd
Title
Janitza UMG任意文件读写漏洞
Description
Janitza UMG是德国Janitza公司的使用在能源行业中的在线电能质量监测仪。 Janitza UMG 508, 509, 511, 604,605存在任意文件读写漏洞。允许远程攻击者通过与TCP 1239端口会话,读取或写入文件,或执行任意的JASIC代码。
Severity
Patch Name
Janitza UMG任意文件读写漏洞的补丁
Patch Description
Janitza UMG是德国Janitza公司的使用在能源行业中的在线电能质量监测仪。 Janitza UMG 508, 509, 511, 604,605存在任意文件读写漏洞。允许远程攻击者通过与TCP 1239端口会话,读取或写入文件,或执行任意的JASIC代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可联系供应商获得补丁信息: http://www.janitza.com

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03
Impacted products
Name
['Janitza UMG 508', 'Janitza UMG 509', 'Janitza UMG 511', 'Janitza UMG 604', 'Janitza UMG 605']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "77291"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3971"
    }
  },
  "description": "Janitza UMG\u662f\u5fb7\u56fdJanitza\u516c\u53f8\u7684\u4f7f\u7528\u5728\u80fd\u6e90\u884c\u4e1a\u4e2d\u7684\u5728\u7ebf\u7535\u80fd\u8d28\u91cf\u76d1\u6d4b\u4eea\u3002\r\n\r\nJanitza UMG 508, 509, 511, 604,605\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u4e0eTCP 1239\u7aef\u53e3\u4f1a\u8bdd\uff0c\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\uff0c\u6216\u6267\u884c\u4efb\u610f\u7684JASIC\u4ee3\u7801\u3002",
  "discovererName": "Mattijs van Ommeren",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.janitza.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-07289",
  "openTime": "2015-11-05",
  "patchDescription": "Janitza UMG\u662f\u5fb7\u56fdJanitza\u516c\u53f8\u7684\u4f7f\u7528\u5728\u80fd\u6e90\u884c\u4e1a\u4e2d\u7684\u5728\u7ebf\u7535\u80fd\u8d28\u91cf\u76d1\u6d4b\u4eea\u3002 \r\n\r\nJanitza UMG 508, 509, 511, 604,605\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u4e0eTCP 1239\u7aef\u53e3\u4f1a\u8bdd\uff0c\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\uff0c\u6216\u6267\u884c\u4efb\u610f\u7684JASIC\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Janitza UMG\u4efb\u610f\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Janitza UMG 508",
      "Janitza UMG  509",
      "Janitza UMG  511",
      "Janitza UMG  604",
      "Janitza UMG  605"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-15-265-03",
  "serverity": "\u9ad8",
  "submitTime": "2015-10-30",
  "title": "Janitza UMG\u4efb\u610f\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.