var-201703-0462
Vulnerability from variot
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. Eaton xComfort is a smart home solution from Eaton, USA. The program includes a wireless home automation system that provides home security and energy management features. Eaton xComfort ECI 1.07 and earlier contain a security vulnerability that an unauthorized attacker could exploit to access files. In the record below the flaw is classified as CWE-284 (access control error) and scored as network-reachable with no authentication and confidentiality-only impact (CVSS v3.0 base 7.5 from NVD); the referenced ICS-CERT advisory ICSA-17-061-01 is the place to check for mitigation guidance.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0462",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xcomfort ethernet communication interface",
"scope": "lte",
"trust": 1.8,
"vendor": "eaton",
"version": "1.07"
},
{
"model": "xcomfort ethernet communication interface",
"scope": "lte",
"trust": 0.6,
"vendor": "eaton",
"version": "\u003c=1.07"
},
{
"model": "xcomfort ethernet communication interface",
"scope": "eq",
"trust": 0.6,
"vendor": "eaton",
"version": "1.07"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xcomfort ethernet communication interface",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:eaton:xcomfort_ethernet_communication_interface",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
}
]
},
"cve": "CVE-2016-9368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-9368",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03834",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ca995212-3594-4e10-b2bc-114358bb39bc",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-9368",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9368",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-9368",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03834",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-593",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. Eaton xComfort is a smart home solution from Eaton, USA. The program includes a wireless home automation system that provides home security and energy management features. There are security vulnerabilities in Eaton xComfort ECI 1.07 and earlier. An unauthorized attacker could exploit the vulnerability to access files",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9368",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-061-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2017-03834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967",
"trust": 0.8
},
{
"db": "IVD",
"id": "CA995212-3594-4E10-B2BC-114358BB39BC",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"id": "VAR-201703-0462",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
]
},
"last_update_date": "2024-11-23T22:38:36.842000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xComfort - RF Smart Home Solutions",
"trust": 0.8,
"url": "http://www.eaton.eu/Europe/Electrical/ProductsServices/Residential/xComfort-RFSmartHomeSolutions/index.htm?wtredirect=www.eaton.eu/xcomfort#tabs-11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-061-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9368"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9368"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"date": "2017-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"date": "2017-03-14T09:59:00.300000",
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-593"
},
{
"date": "2024-11-21T03:01:02.127000",
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton xComfort Ethernet Communication Interface Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.