var-201308-0171
Vulnerability from variot
The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. SIXNET is a long-established manufacturer of industrial automation and industrial Ethernet products. Since 1976, it has provided high quality control systems and industrial network communication products to users all over the world. The Sixnet Universal Protocol has a remote security bypass vulnerability. Both Sixnet UDR and RTU are products of SIXNET in the United States. UDR is a generic driver used in OPC servers. RTU is a data acquisition system suitable for energy metering and environmental monitoring. A security vulnerability exists in common protocol functions in versions prior to Sixnet UDR 2.0 and RTU firmware prior to 4.8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "udr",
"scope": "lt",
"trust": 1.4,
"vendor": "sixnet",
"version": "2.0"
},
{
"model": "rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "sixnet",
"version": "4.7"
},
{
"model": "udr",
"scope": "lte",
"trust": 1.0,
"vendor": "sixnet",
"version": "1.9"
},
{
"model": "industrial rtu",
"scope": "lt",
"trust": 0.8,
"vendor": "sixnet",
"version": "4.8"
},
{
"model": "rtu",
"scope": "lt",
"trust": 0.6,
"vendor": "sixnet",
"version": "4.8"
},
{
"model": "rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "sixnet",
"version": "4.7"
},
{
"model": "udr",
"scope": "eq",
"trust": 0.6,
"vendor": "sixnet",
"version": "1.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "udr",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rtu",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sixnet:rtu_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sixnet:udr",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mehdi Sabraoui",
"sources": [
{
"db": "BID",
"id": "61837"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2802",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-12528",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "be59298e-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-62804",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2802",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-2802",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-12528",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-328",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62804",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. SIXNET is a long-established manufacturer of industrial automation and industrial Ethernet products. Since 1976, it has provided high quality control systems and industrial network communication products to users all over the world. The Sixnet Universal Protocol has a remote security bypass vulnerability. Both Sixnet UDR and RTU are products of SIXNET in the United States. UDR is a generic driver used in OPC servers. RTU is a data acquisition system suitable for energy metering and environmental monitoring. A security vulnerability exists in common protocol functions in versions prior to Sixnet UDR 2.0 and RTU firmware prior to 4.8",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62804"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2802",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-231-01",
"trust": 3.1
},
{
"db": "BID",
"id": "61837",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2013-12528",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840",
"trust": 0.8
},
{
"db": "IVD",
"id": "BE59298E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62804",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"id": "VAR-201308-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
}
],
"trust": 1.54583335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
}
]
},
"last_update_date": "2024-08-14T14:06:45.522000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sixnet.com/index.cfm"
},
{
"title": "Sixnet Universal Protocol Undocumented function code remote security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/39096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-231-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2802"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-23T00:00:00",
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"date": "2013-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-62804"
},
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61837"
},
{
"date": "2013-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"date": "2013-08-21T21:55:06.040000",
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"date": "2013-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-62804"
},
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61837"
},
{
"date": "2013-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-328"
},
{
"date": "2013-08-23T20:28:06.597000",
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sixnet Universal Protocol Undocumented Function code remote security bypass vulnerability",
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…