var-201505-0070
Vulnerability from variot
SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. An authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ams device manager",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "lt",
"trust": 0.8,
"vendor": "emerson",
"version": "13"
},
{
"model": "ams device manager",
"scope": "lte",
"trust": 0.6,
"vendor": "emerson",
"version": "\u003c=12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.4"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.2"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.1"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ams device manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:emerson:ams_device_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Process Management",
"sources": [
{
"db": "BID",
"id": "74774"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2015-1008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-03472",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1008",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1008",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. \nAn authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1008",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-111-01",
"trust": 3.3
},
{
"db": "BID",
"id": "74774",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810",
"trust": 0.8
},
{
"db": "IVD",
"id": "8EAADD14-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"id": "VAR-201505-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
]
},
"last_update_date": "2024-11-23T23:12:43.243000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSN15003-2 AMS Device Manager SQL Injection Vulnerability",
"trust": 0.8,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"title": "Emerson AMS Device Manager patch for local SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/59067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-111-01"
},
{
"trust": 1.6,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/74774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1008"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/amssuite/amsdevicemanager/pages/amsdevicemanager.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2015-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"date": "2015-05-26T01:59:00.180000",
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
},
{
"date": "2024-11-21T02:24:29.023000",
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…