var-201708-0163
Vulnerability from variot
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. ALC WebCTRL , i-Vu ,and SiteScan Web Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutomatedLogic provides a complete set of building electrical and mechanical control systems for the majority of users, including central air conditioning automatic control, power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely used in the United States, China and other regions. There are XML external entity vulnerabilities in multiple devices of AutomatedLogicCorporation. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "i-vu",
"scope": "lte",
"trust": 1.0,
"vendor": "automatedlogic",
"version": "6.5"
},
{
"model": "automatedlogic webctrl",
"scope": "lte",
"trust": 1.0,
"vendor": "carrier",
"version": "6.5"
},
{
"model": "sitescan web",
"scope": "lte",
"trust": 1.0,
"vendor": "automatedlogic",
"version": "6.5"
},
{
"model": "i-vu",
"scope": "lte",
"trust": 0.8,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "sitescan web",
"scope": "lte",
"trust": 0.8,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "webctrl",
"scope": "lte",
"trust": 0.8,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "carrier i-vu",
"scope": "lte",
"trust": 0.6,
"vendor": "automated logic",
"version": "\u003c=6.5"
},
{
"model": "alc webctrl",
"scope": "lte",
"trust": 0.6,
"vendor": "automated logic",
"version": "\u003c=6.5"
},
{
"model": "liebert sitescan web",
"scope": "lte",
"trust": 0.6,
"vendor": "automated logic",
"version": "\u003c=6.5"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.6,
"vendor": "automatedlogic",
"version": "6.5"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.6,
"vendor": "automatedlogic",
"version": "6.5"
},
{
"model": "sitescan web",
"scope": "eq",
"trust": 0.6,
"vendor": "automatedlogic",
"version": "6.5"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.1"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.0"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.5"
},
{
"model": "webctrl",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.2"
},
{
"model": "sitescan web",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "sitescan web",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.1"
},
{
"model": "sitescan web",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.5"
},
{
"model": "sitescan web",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.2"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.5"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.1"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "6.0"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.5"
},
{
"model": "i-vu",
"scope": "eq",
"trust": 0.3,
"vendor": "automated logic",
"version": "5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "i vu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitescan web",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webctrl",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "BID",
"id": "100558"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:automatedlogic:i-vu",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:automatedlogic:sitescan_web",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:automatedlogic:webctrl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Ermakov from Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "100558"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5795",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24364",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5795",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5795",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5795",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-24364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. ALC WebCTRL , i-Vu ,and SiteScan Web Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutomatedLogic provides a complete set of building electrical and mechanical control systems for the majority of users, including central air conditioning automatic control, power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely used in the United States, China and other regions. There are XML external entity vulnerabilities in multiple devices of AutomatedLogicCorporation. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5795"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "BID",
"id": "100558"
},
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5795",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-150-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100558",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24364",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818",
"trust": 0.8
},
{
"db": "IVD",
"id": "52EF8BD8-D974-45FB-AA99-07306C190DE3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "BID",
"id": "100558"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"id": "VAR-201708-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
}
]
},
"last_update_date": "2024-11-23T22:56:10.467000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.automatedlogic.com/"
},
{
"title": "AutomatedLogicCorporation Patch for Multiple Device XML External Entity Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/101402"
},
{
"title": "ALC Liebert SiteScan Web , ALC WebCTRL and Carrier i-Vu Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74504"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-150-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100558"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5795"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5795"
},
{
"trust": 0.3,
"url": "http://www.automatedlogic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "BID",
"id": "100558"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"db": "BID",
"id": "100558"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "IVD",
"id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"date": "2017-08-31T00:00:00",
"db": "BID",
"id": "100558"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"date": "2017-08-31T21:29:00.187000",
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24364"
},
{
"date": "2017-08-31T00:00:00",
"db": "BID",
"id": "100558"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008818"
},
{
"date": "2021-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1409"
},
{
"date": "2024-11-21T02:55:01.433000",
"db": "NVD",
"id": "CVE-2016-5795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural ALC In product XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008818"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1409"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…