var-201708-1506
Vulnerability from variot
A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. Siemens ViewPort for Web Office Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Web Office Portal provides authorized users to retrieve current data from the Control Center solution Spectrum PowerTM in a read-only manner
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "viewport for web office portal",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "viewport for web office portal",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "revision number 1453"
},
{
"model": "viewport for web office portal",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "1453"
},
{
"model": "viewport for web office portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1452"
},
{
"model": "viewport for web office portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1453"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viewport for web office portal",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:viewport_for_web_office_portal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hannes Trunde from Kapsch BusinessCom AG",
"sources": [
{
"db": "BID",
"id": "99343"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6869",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6869",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6869",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6869",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-12112",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-628",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-6869",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. Siemens ViewPort for Web Office Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Web Office Portal provides authorized users to retrieve current data from the Control Center solution Spectrum PowerTM in a read-only manner",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6869",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-545214",
"trust": 2.3
},
{
"db": "BID",
"id": "99343",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-03",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2017-12112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163",
"trust": 0.8
},
{
"db": "IVD",
"id": "0A4ACB9E-A4F9-4E80-AACD-8CA53BBD700D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-6869",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"id": "VAR-201708-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
]
},
"last_update_date": "2024-11-23T23:08:56.285000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-545214",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf"
},
{
"title": "Patch for Siemens ViewPort for Web Office Portal Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/96915"
},
{
"title": "Siemens ViewPort for Web Office Portal Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99681"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/99343"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6869"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6869"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"date": "2017-06-29T00:00:00",
"db": "BID",
"id": "99343"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"date": "2017-08-08T00:29:00.180000",
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"date": "2017-06-29T00:00:00",
"db": "BID",
"id": "99343"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-628"
},
{
"date": "2024-11-21T03:30:41.943000",
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ViewPort for Web Office Portal Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…