var-201702-0676
Vulnerability from variot
An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. Schneider Electric Wonderware Historian is a set of industrial data management software from Schneider Electric that combines high-speed data acquisition storage systems with traditional relational database management systems. A remote attacker could exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program using insecure default passwords
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0676",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wonderware historian",
"scope": "eq",
"trust": 1.6,
"vendor": "schneider electric",
"version": "2014_r2_sp1_p01"
},
{
"model": "wonderware historian",
"scope": "lte",
"trust": 0.8,
"vendor": "schneider electric",
"version": "2014 r2 sp1 p01"
},
{
"model": "wonderware historian r2 sp1 p01",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider electric",
"version": "\u003c=2014"
},
{
"model": "wonderware historian r2 sp1 p01",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "2014"
},
{
"model": "wonderware historian",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
},
{
"model": "2014 r2 sp1 p01",
"scope": null,
"trust": 0.2,
"vendor": "wonderware historian",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "BID",
"id": "95766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:schneider_electric:wonderware_historian",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ruslan Habalov and Jan Bee of the Google ISA Assessments Team.",
"sources": [
{
"db": "BID",
"id": "95766"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5155",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01759",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113358",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5155",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5155",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5155",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-01759",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113358",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "VULHUB",
"id": "VHN-113358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. Schneider Electric Wonderware Historian is a set of industrial data management software from Schneider Electric that combines high-speed data acquisition storage systems with traditional relational database management systems. A remote attacker could exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program using insecure default passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "BID",
"id": "95766"
},
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "VULHUB",
"id": "VHN-113358"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5155",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-024-01",
"trust": 2.8
},
{
"db": "BID",
"id": "95766",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037808",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01759",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220",
"trust": 0.8
},
{
"db": "IVD",
"id": "195ABC78-1252-4E75-8ED2-FEA0F775FA46",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113358",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "VULHUB",
"id": "VHN-113358"
},
{
"db": "BID",
"id": "95766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"id": "VAR-201702-0676",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "VULHUB",
"id": "VHN-113358"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
}
]
},
"last_update_date": "2024-11-23T21:41:47.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LFSEC00000115",
"trust": 0.8,
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
},
{
"title": "Schneider Electric Wonderware Historian Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89596"
},
{
"title": "Schneider Electric Wonderware Historian Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67557"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113358"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-024-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95766"
},
{
"trust": 1.7,
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037808"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5155"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5155"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "VULHUB",
"id": "VHN-113358"
},
{
"db": "BID",
"id": "95766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"db": "VULHUB",
"id": "VHN-113358"
},
{
"db": "BID",
"id": "95766"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-22T00:00:00",
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"date": "2017-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-113358"
},
{
"date": "2017-01-24T00:00:00",
"db": "BID",
"id": "95766"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"date": "2017-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"date": "2017-02-13T21:59:02.737000",
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01759"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113358"
},
{
"date": "2017-02-02T01:01:00",
"db": "BID",
"id": "95766"
},
{
"date": "2017-04-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002220"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-272"
},
{
"date": "2024-11-21T03:27:09.980000",
"db": "NVD",
"id": "CVE-2017-5155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric Wonderware Historian Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
},
{
"db": "CNVD",
"id": "CNVD-2017-01759"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-272"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…