Sign-up

ID

VAR-201102-0172


CVE

CVE-2010-4731


TITLE

WebSCADA Multiple products cgi-bin/read.cgi Absolute path traversal vulnerability

Trust: 1.4

sources: IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-6678 // CNNVD: CNNVD-201102-226

DESCRIPTION

Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a full pathname in the file parameter, a different vulnerability than CVE-2009-4463. IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. IntelliCom NetBiter NB100 and NB200 Multiple running on the platform IntelliCom Product cgi-bin/read.cgi Is An absolute path traversal vulnerability exists

Trust: 3.15

sources: NVD: CVE-2010-4731 // CERT/CC: VU#114560 // JVNDB: JVNDB-2011-001683 // CNVD: CNVD-2011-6678 // IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-47336

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-6678

AFFECTED PRODUCTS

vendor:intellicommodel:netbiter serial ethernet server ss100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter easyconnect ec150scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb200scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws200scope:eqversion:*

Trust: 1.0

vendor:intellicom innovation abmodel: - scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter easy connect ec150scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter modbus rtu - tcp gateway mb100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws200scope: - version: -

Trust: 0.8

vendor:webscadamodel:ws200scope: - version: -

Trust: 0.6

vendor:webscadamodel:ws100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws200scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter easyconnect ec150scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws100scope: - version: -

Trust: 0.6

vendor:netbiter easyconnect ec150model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter modbus rtu tcp gateway mb100model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter serial ethernet server ss100model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter webscada ws100model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter webscada ws200model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter nb100model: - scope:eqversion:*

Trust: 0.2

vendor:netbiter nb200model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#114560 // CNVD: CNVD-2011-6678 // JVNDB: JVNDB-2011-001683 // CNNVD: CNNVD-201102-226 // NVD: CVE-2010-4731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4731
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#114560
value: 1.68

Trust: 0.8

NVD: CVE-2010-4731
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2011-6678
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201102-226
value: MEDIUM

Trust: 0.6

IVD: 47a1985a-2355-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-47336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4731
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-6678
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 47a1985a-2355-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-47336
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#114560 // CNVD: CNVD-2011-6678 // VULHUB: VHN-47336 // JVNDB: JVNDB-2011-001683 // CNNVD: CNNVD-201102-226 // NVD: CVE-2010-4731

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-47336 // JVNDB: JVNDB-2011-001683 // NVD: CVE-2010-4731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-226

TYPE

Path traversal

Trust: 0.8

sources: IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201102-226

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001683

PATCH
title:Top Pageurl:http://support.intellicom.se
Trust: 0.8
title:WebSCADA multiple products cgi-bin/read.cgi absolute path traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/37315
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-6678 // 
            
            
            
            JVNDB: JVNDB-2011-001683

EXTERNAL IDS
db:CERT/CCid:VU#114560
Trust: 3.9
db:NVDid:CVE-2010-4731
Trust: 3.3
db:ICS CERTid:ICSA-10-316-01A
Trust: 3.3
db:CNNVDid:CNNVD-201102-226
Trust: 0.9
db:CNVDid:CNVD-2011-6678
Trust: 0.8
db:JVNDBid:JVNDB-2011-001683
Trust: 0.8
db:BUGTRAQid:20101001 [STANKOINFORMZASCHITA-10-01] NETBITER, WEBSCADA MULTIPLE VULNERABILITIES
Trust: 0.6
db:IVDid:47A1985A-2355-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-47336
Trust: 0.1
sources:
            
            
            IVD: 47a1985a-2355-11e6-abef-000c29c66e3d // 
            
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6678 // 
            
            
            
            VULHUB: VHN-47336 // 
            
            
            
            JVNDB: JVNDB-2011-001683 // 
            
            
            
            CNNVD: CNNVD-201102-226 // 
            
            
            
            NVD: CVE-2010-4731

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-10-316-01a.pdf
Trust: 3.3
url:http://www.kb.cert.org/vuls/id/114560
Trust: 3.1
url:http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html
Trust: 2.5
url:http://support.intellicom.se
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4731
Trust: 0.8
url:http://jvn.jp/cert/jvnvu114560
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4731
Trust: 0.8
sources:
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6678 // 
            
            
            
            VULHUB: VHN-47336 // 
            
            
            
            JVNDB: JVNDB-2011-001683 // 
            
            
            
            CNNVD: CNNVD-201102-226 // 
            
            
            
            NVD: CVE-2010-4731

SOURCES
db:IVDid:47a1985a-2355-11e6-abef-000c29c66e3d
db:CERT/CCid:VU#114560
db:CNVDid:CNVD-2011-6678
db:VULHUBid:VHN-47336
db:JVNDBid:JVNDB-2011-001683
db:CNNVDid:CNNVD-201102-226
db:NVDid:CVE-2010-4731

LAST UPDATE DATE
2025-04-11T23:05:54.650000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#114560date:2011-02-23T00:00:00
db:CNVDid:CNVD-2011-6678date:2011-02-16T00:00:00
db:VULHUBid:VHN-47336date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001683date:2011-06-06T00:00:00
db:CNNVDid:CNNVD-201102-226date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4731date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:47a1985a-2355-11e6-abef-000c29c66e3ddate:2011-02-16T00:00:00
db:CERT/CCid:VU#114560date:2011-02-03T00:00:00
db:CNVDid:CNVD-2011-6678date:2011-02-16T00:00:00
db:VULHUBid:VHN-47336date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001683date:2011-06-06T00:00:00
db:CNNVDid:CNNVD-201102-226date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4731date:2011-02-15T01:00:01.603