var-201705-3542
Vulnerability from variot
A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system. SatelSenNetOptimalDataLogger, SenNetSolarDatalogger and SenNetMultitaskMeter are products of Satel, Spain. Both SenNetOptimalDataLogger and SenNetSolarDatalogger are data collectors. The SenNetMultitaskMeter is a multi-function meter. There are command injection vulnerabilities in several Satel products. SenNet Data Logger and Electricity Meters are prone to a remote command-injection vulnerability. Successful exploit allows an attacker to execute arbitrary commands in the context of the affected devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3542",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sennet optimal datalogger",
"scope": "lte",
"trust": 1.0,
"vendor": "satel iberia",
"version": "5.37c-1.43c"
},
{
"model": "sennet solar datalogger",
"scope": "lte",
"trust": 1.0,
"vendor": "satel iberia",
"version": "5.03-1.56a"
},
{
"model": "sennet multitask meter",
"scope": "lte",
"trust": 1.0,
"vendor": "satel iberia",
"version": "5.21a-1.18b"
},
{
"model": "sennet multitask meter",
"scope": "lte",
"trust": 0.8,
"vendor": "satel iberia",
"version": "v5.21a-1.18b"
},
{
"model": "sennet optimal datalogger",
"scope": "lte",
"trust": 0.8,
"vendor": "satel iberia",
"version": "v5.37c-1.43c"
},
{
"model": "sennet solar datalogger",
"scope": "lte",
"trust": 0.8,
"vendor": "satel iberia",
"version": "v5.03-1.56a"
},
{
"model": "iberia sennet multitask meter \u003c=v5.21a-1.18b",
"scope": null,
"trust": 0.6,
"vendor": "satel",
"version": null
},
{
"model": "iberia sennet solar datalogger \u003c=v5.03-1.56a",
"scope": null,
"trust": 0.6,
"vendor": "satel",
"version": null
},
{
"model": "iberia sennet optimal datalogger \u003c=v5.37c-1.43c",
"scope": null,
"trust": 0.6,
"vendor": "satel",
"version": null
},
{
"model": "sennet solar datalogger",
"scope": "eq",
"trust": 0.6,
"vendor": "satel iberia",
"version": "5.03-1.56a"
},
{
"model": "sennet multitask meter",
"scope": "eq",
"trust": 0.6,
"vendor": "satel iberia",
"version": "5.21a-1.18b"
},
{
"model": "sennet optimal datalogger",
"scope": "eq",
"trust": 0.6,
"vendor": "satel iberia",
"version": "5.37c-1.43c"
},
{
"model": "iberia sennet solar datalogger 5.03-1.56a",
"scope": null,
"trust": 0.3,
"vendor": "satel",
"version": null
},
{
"model": "iberia sennet optimal datalogger 5.37c-1.43c",
"scope": null,
"trust": 0.3,
"vendor": "satel",
"version": null
},
{
"model": "iberia sennet multitask meter 5.21a-1.18b",
"scope": null,
"trust": 0.3,
"vendor": "satel",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sennet multitask meter",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sennet optimal datalogger",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sennet solar datalogger",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "BID",
"id": "98417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:satel-iberia:sennet_multitask_meter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:satel-iberia:sennet_optimal_datalogger",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:satel-iberia:sennet_solar_datalogger",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshan",
"sources": [
{
"db": "BID",
"id": "98417"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6048",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6048",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06954",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6048",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6048",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6048",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-06954",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-640",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system. SatelSenNetOptimalDataLogger, SenNetSolarDatalogger and SenNetMultitaskMeter are products of Satel, Spain. Both SenNetOptimalDataLogger and SenNetSolarDatalogger are data collectors. The SenNetMultitaskMeter is a multi-function meter. There are command injection vulnerabilities in several Satel products. SenNet Data Logger and Electricity Meters are prone to a remote command-injection vulnerability. \nSuccessful exploit allows an attacker to execute arbitrary commands in the context of the affected devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6048"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "BID",
"id": "98417"
},
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6048",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-131-02",
"trust": 3.3
},
{
"db": "CNVD",
"id": "CNVD-2017-06954",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293",
"trust": 0.8
},
{
"db": "BID",
"id": "98417",
"trust": 0.3
},
{
"db": "IVD",
"id": "404D7F07-4689-4F7C-950C-B795EEA8B7EE",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "BID",
"id": "98417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"id": "VAR-201705-3542",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
}
]
},
"last_update_date": "2024-11-23T22:34:38.508000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.satel-iberia.com/"
},
{
"title": "Patches for various Satel product command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93947"
},
{
"title": "Multiple Satel Product Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70110"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-131-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6048"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6048"
},
{
"trust": 0.3,
"url": "http://www.sennetmonitoring.com/en/dataloggers/"
},
{
"trust": 0.3,
"url": "http://www.sennetmonitoring.com/en/electricity-meters/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "BID",
"id": "98417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"db": "BID",
"id": "98417"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"date": "2017-05-11T00:00:00",
"db": "BID",
"id": "98417"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"date": "2017-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"date": "2017-05-19T03:29:00.543000",
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06954"
},
{
"date": "2017-05-11T00:00:00",
"db": "BID",
"id": "98417"
},
{
"date": "2017-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004293"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-640"
},
{
"date": "2024-11-21T03:28:59.190000",
"db": "NVD",
"id": "CVE-2017-6048"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satel Iberia of SenNet Data Logger and Electricity Meters Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection",
"sources": [
{
"db": "IVD",
"id": "404d7f07-4689-4f7c-950c-b795eea8b7ee"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-640"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…