var-201703-0231
Vulnerability from variot
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. plural Meteocontrol WEB'log The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Meteocontrol WEB'log is a SCADA system from Meteocontrol, Germany, which provides different energy and power configuration management functions based on the Web using different connection (energy/industrial) equipment. A cross-site request forgery vulnerability exists in several Meteocontrol WEB'log products. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0231",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblog",
"scope": "eq",
"trust": 1.6,
"vendor": "meteocontrol",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "weblog",
"version": null
},
{
"model": "web\u0027log basic 100",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log light",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log pro unlimited",
"scope": null,
"trust": 0.8,
"vendor": "meteocontrol",
"version": null
},
{
"model": "web\u0027log",
"scope": null,
"trust": 0.6,
"vendor": "meteocontrol",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_basic_100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:meteocontrol:web%27log_pro_unlimited",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-4504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-03358",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "57149dcc-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-4504",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-4504",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-4504",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-03358",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB\u0027log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. plural Meteocontrol WEB\u0027log The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Meteocontrol WEB\u0027log is a SCADA system from Meteocontrol, Germany, which provides different energy and power configuration management functions based on the Web using different connection (energy/industrial) equipment. A cross-site request forgery vulnerability exists in several Meteocontrol WEB\u0027log products. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4504",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-133-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2016-03358",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063",
"trust": 0.8
},
{
"db": "IVD",
"id": "57149DCC-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"id": "VAR-201703-0231",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
}
],
"trust": 1.657142865
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
}
]
},
"last_update_date": "2024-11-23T22:38:37.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB\u0027LOG",
"trust": 0.8,
"url": "https://www.meteocontrol.com/en/industrial-line/data-logger-weblogs/weblog/"
},
{
"title": "Patches for multiple Meteocontrol WEB\u0027log products across site request forgery vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76083"
},
{
"title": "Multiple Meteocontrol WEB\u0027log Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61744"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-133-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4504"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4504"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "IVD",
"id": "57149dcc-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"date": "2017-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"date": "2016-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"date": "2017-03-21T16:59:00.163000",
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03358"
},
{
"date": "2017-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008063"
},
{
"date": "2017-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-429"
},
{
"date": "2024-11-21T02:52:21.780000",
"db": "NVD",
"id": "CVE-2016-4504"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Meteocontrol WEB\u0027log Product cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008063"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-429"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…