var-201710-0804
Vulnerability from variot
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file. Progea Movicon contains a vulnerability related to uncontrolled search path elements. Information may be obtained or altered, and service operation may be disrupted (DoS). Movicon is industrial monitoring (SCADA/HMI) software developed by the Italian automation software provider PROGEA. Progea Movicon is prone to multiple privilege-escalation vulnerabilities. Movicon versions 11.5.1181 and prior are affected.
BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: Europe, India, and United States
Company Headquarters Location: Italy
IMPACT
Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution.
The specific flaw exists within the handling of a specific named DLL file used by Movicon SCADA/HMI. By placing a specific DLL file (listed below), an attacker is able to force the process to load an arbitrary DLL.
DLL File Name (1)
api-ms-win-appmodel-runtime-l1-1-0.dll
Application Executables (that look for missing DLL)
Movicon.exe
MoviconRunTime.exe
MoviconService.exe
AlarmsImpExp.exe
ReportViewerNET.exe
Steps to reproduce
1. Generate a dll payload
   msfvenom -p windows/exec cmd=calc.exe -f dll -o api-ms-win-appmodel-runtime-l1-1-0.dll
2. Place this dll in install directory (or C:\Windows, or any directory defined in the PATH environment variable)
   C:\Program Files\Progea\Movicon11.5\
3. Run MoviconService.exe (or any of the above listed executables), and Exit
CVE-2017-14017 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot.
• MOVICON (MOVICON) runs as LocalSystem and has path: C:\Program Files\Progea\Movicon11.5\MoviconService.exe:
CVE-2017-14019 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
+++++
Best Regards, Karn Ganeshen
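A defensive audit for the condition the advisory above describes, as an added example that is not part of the original advisory or of Progea's tooling: it walks the drop locations the advisory names (install directory, C:\Windows, PATH entries), reports any copy of the listed DLL with its signature status and hash, and flags directories where accounts outside a trusted list can create files. The `$InstallDir` default is the path quoted in the advisory; the `$TrustedSids` list is an assumption to adjust per site.

```powershell
# Added example (not from the advisory): audit the drop locations it names.
$DllName    = 'api-ms-win-appmodel-runtime-l1-1-0.dll'   # DLL name from the advisory
$InstallDir = 'C:\Program Files\Progea\Movicon11.5'      # install path from the advisory

# Assumption: only these SIDs are expected to hold write access.
$TrustedSids = @(
    'S-1-5-18',        # LocalSystem
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# CreateFiles (0x2) plus GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
$WriteBits   = 0x50000002
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

# Install directory, C:\Windows and every PATH entry that exists, de-duplicated.
$dirs = (@($InstallDir, $env:windir) + ($env:Path -split ';')) |
    ForEach-Object { "$_".Trim().Trim('"') } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    Sort-Object -Unique

$report = foreach ($dir in $dirs) {
    # Accounts outside the trusted list that may create files in this directory.
    $writers = @()
    try {
        $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
        $writers = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.PropagationFlags -band $InheritOnly) -eq 0) -and
            (([int]$_.FileSystemRights -band $WriteBits) -ne 0) -and
            ($TrustedSids -notcontains $_.IdentityReference.Value)
        } | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique)
    } catch {
        $writers = @("ACL unreadable: $($_.Exception.Message)")
    }

    $file    = Join-Path $dir $DllName
    $present = Test-Path -LiteralPath $file -PathType Leaf
    if (-not $present -and -not $writers) { continue }   # nothing to report here

    # Signature status, signer and hash are reported for triage of any copy found.
    $sig = if ($present) { Get-AuthenticodeSignature -LiteralPath $file }
    [pscustomobject]@{
        Directory       = $dir
        UntrustedWriters = $writers -join ', '
        DllPresent      = $present
        SignatureStatus = if ($sig) { $sig.Status } else { '' }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256          = if ($present) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { '' }
    }
}
$report | Format-List
```

Run it from an elevated prompt on the HMI host so the ACLs are readable; the PATH it sees is that of the invoking account, which can differ from the one the service sees.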