var-202003-1413
Vulnerability from variot
OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. OpenBlocks IoT VX2, provided by Plat'Home Co., Ltd., contains multiple vulnerabilities: ・ OS command injection (CWE-78) - CVE-2020-5535 ・ Insufficient authentication (CWE-287) - CVE-2020-5536. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporters: Mr. Murashima Masahiro and Mr. Kataoka Genta of Ierae Security Co., Ltd. The expected impact differs for each vulnerability, but may include the following: ・ A user who can connect to the product may execute arbitrary OS commands with root privileges - CVE-2020-5535 ・ A user who can connect to the product may bypass authentication and initialize the device - CVE-2020-5536. OpenBlocks IoT VX2 is an intelligent edge IoT gateway with the high functionality and reliability required for the actual operation of IoT systems. Plat’Home OpenBlocks IoT VX2 is an IoT gateway device from Japan’s Plat’Home. An authorization issue vulnerability exists in OpenBlocks IoT VX2 versions prior to 4.0.0, which stems from improper authentication.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202003-1413",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openblocks iot vx2",
"scope": "lt",
"trust": 1.0,
"vendor": "plathome",
"version": "4.0.0"
},
{
"model": "openblocks iot vx2",
"scope": "gte",
"trust": 1.0,
"vendor": "plathome",
"version": "3.3.0"
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.8,
"vendor": "plat home",
"version": "ver.4.0.0 (ver.3\u7cfb)"
},
{
"model": "openblocks iot",
"scope": "eq",
"trust": 0.6,
"vendor": "plat home",
"version": "vx2\u003c4.0.0"
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.6,
"vendor": "plathome",
"version": "3.4.0"
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.6,
"vendor": "plathome",
"version": "3.3.1"
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.6,
"vendor": "plathome",
"version": null
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.6,
"vendor": "plathome",
"version": "3.3.0"
},
{
"model": "openblocks iot vx2",
"scope": "eq",
"trust": 0.6,
"vendor": "plathome",
"version": "3.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:misc:plathome_openblocks_IoT_VX2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
}
]
},
"cve": "CVE-2020-5536",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2020-5536",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-000020",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000020",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-15519",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-5536",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-000020",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000020",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-5536",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000020",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2020-000020",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-15519",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-152",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacker on the same network segment to bypass authentication and to initialize the device via unspecified vectors. OpenBlocks IoT VX2, provided by Plat\u0027Home Co., Ltd., contains multiple vulnerabilities: \u30fb OS command injection (CWE-78) - CVE-2020-5535 \u30fb Insufficient authentication (CWE-287) - CVE-2020-5536. This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporters: Mr. Murashima Masahiro and Mr. Kataoka Genta of Ierae Security Co., Ltd. The expected impact differs for each vulnerability, but may include the following: \u30fb A user who can connect to the product may execute arbitrary OS commands with root privileges - CVE-2020-5535 \u30fb A user who can connect to the product may bypass authentication and initialize the device - CVE-2020-5536. OpenBlocks IoT VX2 is an intelligent edge IoT gateway with the high functionality and reliability required for the actual operation of IoT systems. Plat\u2019Home OpenBlocks IoT VX2 is an IoT gateway device from Japan\u2019s Plat\u2019Home. \nAn authorization issue vulnerability exists in OpenBlocks IoT VX2 versions prior to 4.0.0, which stems from improper authentication.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5536"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-5536",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN19666251",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2020-15519",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"id": "VAR-202003-1413",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
}
],
"trust": 1.39166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
}
]
},
"last_update_date": "2024-11-23T22:33:33.392000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OpenBlocks IoT VX2\u3000\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u30ea\u30ea\u30fc\u30b9\u60c5\u5831\uff5cFW4.0.0",
"trust": 0.8,
"url": "https://www.plathome.co.jp/software/vx2-v4-0-0/"
},
{
"title": "Patch for OpenBlocks IoT VX2 Certification Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/206909"
},
{
"title": "Plat\u2019Home OpenBlocks IoT VX2 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
},
{
"problemtype": "CWE-78",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://jvn.jp/en/jp/jvn19666251/index.html"
},
{
"trust": 1.6,
"url": "https://www.plathome.co.jp/software/vx2-v4-0-0/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5535"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5536"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn19666251/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000020.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"date": "2020-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"date": "2020-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"date": "2020-03-04T02:15:13.347000",
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-15519"
},
{
"date": "2020-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000020"
},
{
"date": "2020-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-152"
},
{
"date": "2024-11-21T05:34:14.083000",
"db": "NVD",
"id": "CVE-2020-5536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in OpenBlocks IoT VX2",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000020"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-152"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.