var-201609-0334
Vulnerability from variot
ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. ABB DataManagerPro Contains a privileged vulnerability. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB DataManagerPro is a suite of data analysis software from ABB, Switzerland. The software automatically collects data via Ethernet and database management. ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. ABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tracer sc",
"scope": "lte",
"trust": 1.0,
"vendor": "trane",
"version": "4.2.1134"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "1.7.0"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "1.0.0"
},
{
"model": "datamanagerpro",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "1.x"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.7.1"
},
{
"model": "tracer sc",
"scope": "eq",
"trust": 0.6,
"vendor": "trane",
"version": "4.2.1134"
},
{
"model": "datamanagerpro",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tracer sc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:abb:datamanagerpro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi.",
"sources": [
{
"db": "BID",
"id": "92980"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4526",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-4526",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-07742",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bdfe210a-e3a3-4a84-8115-984187198303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-4526",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4526",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4526",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-07742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-339",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. ABB DataManagerPro Contains a privileged vulnerability. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB DataManagerPro is a suite of data analysis software from ABB, Switzerland. The software automatically collects data via Ethernet and database management. ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nA local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. \nABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4526",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-259-02",
"trust": 3.3
},
{
"db": "BID",
"id": "92980",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07742",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812",
"trust": 0.8
},
{
"db": "IVD",
"id": "BDFE210A-E3A3-4A84-8115-984187198303",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"id": "VAR-201609-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
],
"trust": 1.51428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
]
},
"last_update_date": "2024-11-23T22:52:39.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "089290",
"trust": 0.8,
"url": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9ADB005557_ABB_SoftwareVulnerabilityHandlingAdvisory_DMPro.pdf"
},
{
"title": "Patch for ABB DataManagerPro DLL native code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/81525"
},
{
"title": "ABB DataManagerPro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64139"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-259-02"
},
{
"trust": 1.6,
"url": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9adb005557_abb_softwarevulnerabilityhandlingadvisory_dmpro.pdf"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/92980"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4526"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4526"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-20T00:00:00",
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"date": "2016-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"date": "2016-09-16T00:00:00",
"db": "BID",
"id": "92980"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"date": "2016-09-19T01:59:02.790000",
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"date": "2016-09-16T00:00:00",
"db": "BID",
"id": "92980"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-339"
},
{
"date": "2024-11-21T02:52:24.560000",
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92980"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB DataManagerPro DLL Native code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…