var-201710-0805
Vulnerability from variot
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. Progea Movicon Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Movicon is an industrial monitoring software developed by the Italian automation software provider PROGEA (Scada/HMI). Progea Movicon is prone to a multiple privilege-escalation vulnerabilities. An attacker can exploit these issues to execute arbitrary code to gain elevated privileges. Movicon versions 11.5.1181 and prior are affected.
BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems, Water and Wastewater Systems Countries/Areas Deployed: Europe, India, and United States Company Headquarters Location: Italy
IMPACT
Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution. User interaction is required to exploit this vulnerability in that the malicious dll file should be saved in any of the DLL search paths.
The specific flaw exists within the handling of a specific named DLL file used by Movicon SCADA/HMI. By placing specific DLL file (listed below), an attacker is able to force the process to load an arbitrary DLL.
DLL File Name (1)
api-ms-win-appmodel-runtime-l1-1-0.dll
Application Executables (that look for missing DLL)
Movicon.exe MoviconRunTime.exe MoviconService.exe AlarmsImpExp.exe ReportViewerNET.exe
Steps to reproduce
-
Generate a dll payload msfvenom ap windows/exec cmd=calc.exe af dll ao api-ms-win-appmodel-runtime-l1-1-0.dll
-
Place this dll in install directory (or C:\Windows, or any directory defined in the PATH environment variable) C:\Program Files\Progea\Movicon11.5\
-
Run MoviconService.exe (or any of the above listed executables), and Exit
CVE-2017-14017 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot.
aC/ MOVICON (MOVICON) runs as LocalSystem and has path: C:\Program Files\Progea\Movicon11.5\MoviconService.exe:
CVE-2017-14019 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
+++++
Best Regards, Karn Ganeshen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0805",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "movicon",
"scope": "eq",
"trust": 1.9,
"vendor": "progea",
"version": "11.5.1181"
},
{
"model": "movicon",
"scope": "lte",
"trust": 0.8,
"vendor": "progea srl",
"version": "11.5.1181"
},
{
"model": "movicon",
"scope": "lte",
"trust": 0.6,
"vendor": "progea",
"version": "\u003c=11.5.1181"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.4.1150"
},
{
"model": "movicon build",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.41150"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.4"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.3"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.2.1085.4"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.2.1085.3"
},
{
"model": "movicon build",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.21085"
},
{
"model": "movicon build",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.21084"
},
{
"model": "movicon",
"scope": "eq",
"trust": 0.3,
"vendor": "progea",
"version": "11.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "movicon",
"version": "11.5.1181"
}
],
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "BID",
"id": "101483"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:progea:movicon",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen.",
"sources": [
{
"db": "BID",
"id": "101483"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14019",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-14019",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-30496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-14019",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14019",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-14019",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-30496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1256",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges. Progea Movicon Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Movicon is an industrial monitoring software developed by the Italian automation software provider PROGEA (Scada/HMI). Progea Movicon is prone to a multiple privilege-escalation vulnerabilities. \nAn attacker can exploit these issues to execute arbitrary code to gain elevated privileges. \nMovicon versions 11.5.1181 and prior are affected. \n\n------------------------\nBACKGROUND\n------------------------\nCritical Infrastructure Sectors: Critical Manufacturing, Energy, Food and\nAgriculture, Transportation Systems, Water and Wastewater Systems\nCountries/Areas Deployed: Europe, India, and United States\nCompany Headquarters Location: Italy\n\n\n------------------------\nIMPACT\n------------------------\nSuccessful exploitation of these vulnerabilities could allow privilege\nescalation or arbitrary code execution. User interaction is required\nto exploit this vulnerability in that the malicious dll file should be\nsaved in any of the DLL search paths. \n\nThe specific flaw exists within the handling of a specific named DLL file\nused by Movicon SCADA/HMI. By placing specific DLL file (listed below), an\nattacker is able to force the process to load an arbitrary DLL. \n\n------------------------\nDLL File Name (1)\n------------------------\napi-ms-win-appmodel-runtime-l1-1-0.dll\n\n------------------------\nApplication Executables (that look for missing DLL)\n------------------------\nMovicon.exe\nMoviconRunTime.exe\nMoviconService.exe\nAlarmsImpExp.exe\nReportViewerNET.exe\n\n------------------------\nSteps to reproduce\n------------------------\n\n1. Generate a dll payload\nmsfvenom ap windows/exec cmd=calc.exe af dll ao\napi-ms-win-appmodel-runtime-l1-1-0.dll\n\n2. Place this dll in install directory (or C:\\Windows, or any directory\ndefined in the PATH environment variable)\nC:\\Program Files\\Progea\\Movicon11.5\\\n\n3. Run MoviconService.exe (or any of the above listed executables), and Exit\n\n------------------------\nCVE-2017-14017 has been assigned to this vulnerability. A CVSS v3 base\nscore of 6.8 has been assigned; the CVSS vector string is\n(AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). \n\nA successful attempt would require the local user to be able to insert\ntheir code in the system root path undetected by the OS or other security\napplications where it could potentially be executed during application\nstartup or reboot. \n\naC/ MOVICON (MOVICON) runs as LocalSystem and has path: C:\\Program\nFiles\\Progea\\Movicon11.5\\MoviconService.exe:\n\nCVE-2017-14019 has been assigned to this vulnerability. A CVSS v3 base\nscore of 6.5 has been assigned; the CVSS vector string is\n(AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). \n\n+++++\n\nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14019"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "BID",
"id": "101483"
},
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "PACKETSTORM",
"id": "144818"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14019",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-290-01",
"trust": 3.4
},
{
"db": "BID",
"id": "101483",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-30496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503",
"trust": 0.8
},
{
"db": "IVD",
"id": "E538BC3B-A533-48AA-A303-EEAF311C363B",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144818",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "BID",
"id": "101483"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "PACKETSTORM",
"id": "144818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"id": "VAR-201710-0805",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
}
],
"trust": 1.4500000000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
}
]
},
"last_update_date": "2024-11-23T21:53:40.616000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.progea.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-290-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101483"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14019"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14019"
},
{
"trust": 0.3,
"url": "http://www.progea.com/it-it/downloads/software.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14017"
},
{
"trust": 0.1,
"url": "https://ipositivesecurity.com/2017/10/28/ics-progea-movicon-scadahmi-vulnerabilities/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "BID",
"id": "101483"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "PACKETSTORM",
"id": "144818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"db": "BID",
"id": "101483"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"db": "PACKETSTORM",
"id": "144818"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"date": "2017-10-17T00:00:00",
"db": "BID",
"id": "101483"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"date": "2017-10-31T13:44:44",
"db": "PACKETSTORM",
"id": "144818"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"date": "2017-10-19T23:29:00.327000",
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30496"
},
{
"date": "2017-10-17T00:00:00",
"db": "BID",
"id": "101483"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009503"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1256"
},
{
"date": "2024-11-21T03:11:58.483000",
"db": "NVD",
"id": "CVE-2017-14019"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Progea Movicon Vulnerabilities related to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009503"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "e538bc3b-a533-48aa-a303-eeaf311c363b"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1256"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…