ID

VAR-200606-0487


CVE

CVE-2006-2761


TITLE

Hitachi Hitsenser3 Unknown SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-3997 // CNNVD: CNNVD-200606-025

DESCRIPTION

SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, HITSENSER3/PUP, HITSENSER3/STP, and HITSENSER3/EUP allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. The flaw can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing of user authentication.

The vulnerability has been reported in versions 01-02 through 01-08 of the following products:

* HITSENSER3/PRP Model C-A7120-072
* HITSENSER3/PUP Model C-A7120-082
* HITSENSER3/STP Model C-A7120-092
* HITSENSER3/EUP Model C-A7120-102

SOLUTION: Update to version 01-08-/A. Users can contact Hitachi support service for the update.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html

Trust: 1.8

sources: NVD: CVE-2006-2761 // CNVD: CNVD-2006-3997 // BID: 18181 // PACKETSTORM: 46881

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-3997

AFFECTED PRODUCTS

vendor: hitachi model: hitsenser3 scope: eq version: pup

Trust: 1.6

vendor: hitachi model: hitsenser3 scope: eq version: prp

Trust: 1.6

vendor: hitachi model: hitsenser3 scope: eq version: stp

Trust: 1.6

vendor: hitachi model: hitsenser3 scope: eq version: eup

Trust: 1.6

vendor: hitachi model: hitsenser3 scope: eq version: *

Trust: 1.0

vendor: none model: - scope: - version: -

Trust: 0.6

vendor: hitachi model: hitsenser3 scope: - version: -

Trust: 0.6

vendor: hitachi model: hitsenser3 scope: eq version: 01-08

Trust: 0.3

vendor: hitachi model: hitsenser3 scope: eq version: 01-02

Trust: 0.3

vendor: hitachi model: hitsenser3 01-08-/a scope: ne version: -

Trust: 0.3

sources: CNVD: CNVD-2006-3997 // BID: 18181 // CNNVD: CNNVD-200606-025 // NVD: CVE-2006-2761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2761
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-3997
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200606-025
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2006-2761
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-3997
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-3997 // CNNVD: CNNVD-200606-025 // NVD: CVE-2006-2761

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2761

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200606-025

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 46881 // CNNVD: CNNVD-200606-025

EXTERNAL IDS

db: BID id: 18181

Trust: 2.5

db: NVD id: CVE-2006-2761

Trust: 2.2

db: HITACHI id: HS06-011

Trust: 2.0

db: SECUNIA id: 20347

Trust: 1.8

db: VUPEN id: ADV-2006-2063

Trust: 1.6

db: SECTRACK id: 1016190

Trust: 1.6

db: CNVD id: CNVD-2006-3997

Trust: 0.6

db: XF id: 26749

Trust: 0.6

db: XF id: 3

Trust: 0.6

db: CNNVD id: CNNVD-200606-025

Trust: 0.6

db: PACKETSTORM id: 46881

Trust: 0.1

sources: CNVD: CNVD-2006-3997 // BID: 18181 // PACKETSTORM: 46881 // CNNVD: CNNVD-200606-025 // NVD: CVE-2006-2761

REFERENCES

url:http://www.securityfocus.com/bid/18181

Trust: 2.2

url:http://www.hitachi-support.com/security_e/vuls_e/hs06-011_e/index-e.html

Trust: 2.0

url:http://secunia.com/advisories/20347

Trust: 1.6

url:http://securitytracker.com/id?1016190

Trust: 1.6

url:http://www.vupen.com/english/advisories/2006/2063

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26749

Trust: 1.0

url:http://www.frsirt.com/english/advisories/2006/2063

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/26749

Trust: 0.6

url:http://www.hitachi.com/

Trust: 0.3

url:http://secunia.com/product/10240/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20347/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2006-3997 // BID: 18181 // PACKETSTORM: 46881 // CNNVD: CNNVD-200606-025 // NVD: CVE-2006-2761

CREDITS

Hitachi

Trust: 0.6

sources: CNNVD: CNNVD-200606-025

SOURCES

db: CNVD id: CNVD-2006-3997
db: BID id: 18181
db: PACKETSTORM id: 46881
db: CNNVD id: CNNVD-200606-025
db: NVD id: CVE-2006-2761

LAST UPDATE DATE

2025-04-03T22:02:30.822000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2006-3997 date: 2006-06-01T00:00:00
db: BID id: 18181 date: 2006-05-31T19:52:00
db: CNNVD id: CNNVD-200606-025 date: 2006-06-01T00:00:00
db: NVD id: CVE-2006-2761 date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: CNVD id: CNVD-2006-3997 date: 2006-06-01T00:00:00
db: BID id: 18181 date: 2006-05-31T00:00:00
db: PACKETSTORM id: 46881 date: 2006-05-31T21:33:01
db: CNNVD id: CNNVD-200606-025 date: 2006-06-01T00:00:00
db: NVD id: CVE-2006-2761 date: 2006-06-02T01:02:00