var-201612-0415
Vulnerability from variot

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (all firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (all firmware versions < V6.00.046) use a pseudo-random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. The Siemens Desigo PX building automation system is a programmable automation station that provides a flexible solution: it can issue alarm signals, run time-based logging procedures and trends, and can be modified or expanded at any time. Remote attackers can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information, which aids in other attacks and could allow the attacker to gain unauthorized access to the system. PXA40-W0 etc. are the room operation unit modules. The following modules are affected: PXA40-W0, PXA40-W1, PXA40-W2 for the Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (system controllers); PXA30-W0, PXA30-W1, PXA30-W2 for the Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (system controllers). Because the weakness lies in how the certificate key was generated, a certificate created by an affected firmware version should be treated as weak until it is regenerated; consult the vendor advisory (SSA-856492) to confirm whether the firmware update does this.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201612-0415",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "desigo web module pxa40-w0",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa40-w1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w0",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa40-w2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w2",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo px pxa30-w0",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa30-w0",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo px pxa30-w1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa30-w1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo px pxa30-w2",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa30-w2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo px pxa40-w0",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa40-w0",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo px pxa40-w1",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa40-w1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo px pxa40-w2",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo px pxa40-w2",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w0 for pxc00-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w1 for pxc00-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w2 for pxc00-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w0 for pxc50-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w1 for pxc50-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w2 for pxc50-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w0 for pxc100-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w1 for pxc100-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w2 for pxc100-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w0 for pxc200-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w1 for pxc200-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa40-w2 for pxc200-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w0 for pxc00-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w1 for pxc00-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w2 for pxc00-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w0 for pxc64-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w1 for pxc64-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w2 for pxc64-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w0 for pxc128-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w1 for pxc128-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "pxa30-w2 for pxc128-u",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.046"
      },
      {
        "model": "desigo web module pxa40-w0",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa40-w1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa40-w2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w2",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo web module pxa30-w0",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.00"
      },
      {
        "model": "desigo px pxa40-w2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa40-w1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa40-w0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa30-w2px",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa30-w1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa30-w0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "desigo px pxa40-w2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      },
      {
        "model": "desigo px pxa40-w1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      },
      {
        "model": "desigo px pxa40-w0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      },
      {
        "model": "desigo px pxa30-w2px",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      },
      {
        "model": "desigo px pxa30-w1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      },
      {
        "model": "desigo px pxa30-w0",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.46"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "BID",
        "id": "94962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa30-w0",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa30-w0_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa30-w1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa30-w1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa30-w2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa30-w2_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa40-w0",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa40-w0_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa40-w1",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa40-w1_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:siemens:desigo_web_module_pxa40-w2",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:desigo_web_module_pxa40-w2_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marcella Hastings, Joshua Fried and Nadia Heninger from the University of\nPennsylvania",
    "sources": [
      {
        "db": "BID",
        "id": "94962"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9154",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-9154",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2016-12572",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-97974",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-9154",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-9154",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-9154",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-12572",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-580",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97974",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (all firmware versions \u003c V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (all firmware versions \u003c V6.00.046) use a pseudo-random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key. The Siemens Desigo PX building automation system is a programmable automation station that provides a flexible solution: it can issue alarm signals, run time-based logging procedures and trends, and can be modified or expanded at any time. \nRemote attackers can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information, which aids in other attacks and could allow the attacker to gain unauthorized access to the system. PXA40-W0 etc. are the room operation unit modules. The following modules are affected: PXA40-W0, PXA40-W1, PXA40-W2 for the Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (system controllers); PXA30-W0, PXA30-W1, PXA30-W2 for the Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (system controllers)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "BID",
        "id": "94962"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9154",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-355-01",
        "trust": 2.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-856492",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "94962",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "db": "BID",
        "id": "94962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "id": "VAR-201612-0415",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:12:34.010000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-856492",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf"
      },
      {
        "title": "Patch for SIEMENS Desigo PX Web module pseudo-random number generation has insufficient entropy vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/86124"
      },
      {
        "title": "Desigo PX Web Modules Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66607"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-332",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-355-01"
      },
      {
        "trust": 2.6,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856492.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94962"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9154"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9154"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "db": "BID",
        "id": "94962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "db": "BID",
        "id": "94962"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "date": "2016-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "date": "2016-12-19T00:00:00",
        "db": "BID",
        "id": "94962"
      },
      {
        "date": "2017-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "date": "2016-12-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "date": "2016-12-23T05:59:00.593000",
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12572"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97974"
      },
      {
        "date": "2017-01-12T00:03:00",
        "db": "BID",
        "id": "94962"
      },
      {
        "date": "2017-01-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      },
      {
        "date": "2024-11-21T03:00:42.713000",
        "db": "NVD",
        "id": "CVE-2016-9154"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens Desigo PX Web modules for Desigo PX automation controllers: vulnerability allowing reconstruction of the corresponding private key",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006497"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-580"
      }
    ],
    "trust": 0.6
  }
}

