var-201611-0019
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user's authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. A successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0019", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic s7 300 cpu", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic s7 400 cpu", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "3.0.53 (advanced)" }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "(advanced)" }, { "model": "simatic s7-300 cpu", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300 cpu", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 cpu", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 cpu", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp advanced all", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1\u003c3.0.53" }, { "model": "simatic s7-400 cpu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-300 cpu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp advanced", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "343-13.0.53" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300 cpu", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 cpu", "version": null } ], "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "BID", "id": "94460" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:siemens:simatic_cp_343-1", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp_343-1_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:simatic_cp_443-1", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:simatic_s7-300_cpu", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_s7-300_cpu_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:simatic_s7-400_cpu", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_s7-400_cpu_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-005923" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "94460" } ], "trust": 0.3 }, "cve": "CVE-2016-8673", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2016-8673", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-11665", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "be3986e8-e8db-40fd-b919-49726aae4f2e", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-97493", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2016-8673", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-8673", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-8673", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-11665", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201611-531", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-97493", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "VULHUB", "id": "VHN-97493" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions \u003c V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user\u0027s authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. \nA successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client", "sources": [ { "db": "NVD", "id": "CVE-2016-8673" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "BID", "id": "94460" }, { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "VULHUB", "id": "VHN-97493" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8673", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-603476", "trust": 2.6 }, { "db": "ICS CERT", "id": "ICSA-16-327-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201611-531", "trust": 0.9 }, { "db": "BID", "id": "94460", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-11665", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-005923", "trust": 0.8 }, { "db": "IVD", "id": "BE3986E8-E8DB-40FD-B919-49726AAE4F2E", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-97493", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "VULHUB", "id": "VHN-97493" }, { "db": "BID", "id": "94460" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "id": "VAR-201611-0019", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "VULHUB", "id": "VHN-97493" } ], "trust": 1.6505322625 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" } ] }, "last_update_date": "2024-11-23T22:26:55.231000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-603476", "trust": 0.8, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf" }, { "title": "SiemensSIMATICCP343-1Advanceddevices patch for cross-site request forgery vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/84156" }, { "title": "Multiple Siemens Repair measures for product cross-site request forgery vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65866" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97493" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-02" }, { "trust": 0.9, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8673" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8673" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-16-327-02" }, { "trust": 0.3, "url": "http://www.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "VULHUB", "id": "VHN-97493" }, { "db": "BID", "id": "94460" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" }, { "db": "VULHUB", "id": "VHN-97493" }, { "db": "BID", "id": "94460" }, { "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "db": "CNNVD", "id": "CNNVD-201611-531" }, { "db": "NVD", "id": "CVE-2016-8673" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-30T00:00:00", "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "date": "2016-11-30T00:00:00", "db": "CNVD", "id": "CNVD-2016-11665" }, { "date": "2016-11-23T00:00:00", "db": "VULHUB", "id": "VHN-97493" }, { "date": "2016-11-21T00:00:00", "db": "BID", "id": "94460" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "date": "2016-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-531" }, { "date": "2016-11-23T11:59:01.657000", "db": "NVD", "id": "CVE-2016-8673" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-30T00:00:00", "db": "CNVD", "id": "CNVD-2016-11665" }, { "date": "2019-12-12T00:00:00", "db": "VULHUB", "id": "VHN-97493" }, { "date": "2016-11-24T00:16:00", "db": "BID", "id": "94460" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005923" }, { "date": "2019-12-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-531" }, { "date": "2024-11-21T02:59:48.720000", "db": "NVD", "id": "CVE-2016-8673" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-531" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP 343-1 Advanced devices Cross-Site Request Forgery Vulnerability", "sources": [ { "db": "IVD", "id": "be3986e8-e8db-40fd-b919-49726aae4f2e" }, { "db": "CNVD", "id": "CNVD-2016-11665" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-531" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.