Sign-up

ID

VAR-201102-0173


CVE

CVE-2010-4732


TITLE

WebSCADA Multiple products cgi-bin/read.cgi Remote code execution vulnerability

Trust: 1.6

sources: IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // CNVD: CNVD-2011-6677 // CNNVD: CNNVD-201102-227

DESCRIPTION

cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463. IntelliCom NetBiter products based on the NB100 and NB200 platforms contain multiple vulnerabilities. IntelliCom NetBiter NB100 and NB200 Multiple running on the platform IntelliCom Product cgi-bin/read.cgi Is A vulnerability that allows arbitrary code execution exists

Trust: 3.33

sources: NVD: CVE-2010-4732 // CERT/CC: VU#114560 // JVNDB: JVNDB-2011-001682 // CNVD: CNVD-2011-6677 // IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // VULHUB: VHN-47337

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // CNVD: CNVD-2011-6677

AFFECTED PRODUCTS

vendor:intellicommodel:netbiter serial ethernet server ss100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter easyconnect ec150scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb200scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws200scope:eqversion:*

Trust: 1.0

vendor:intellicom innovation abmodel: - scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter easy connect ec150scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter modbus rtu - tcp gateway mb100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws200scope: - version: -

Trust: 0.8

vendor:webscadamodel:ws200scope: - version: -

Trust: 0.6

vendor:webscadamodel:ws100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws200scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter easyconnect ec150scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws100scope: - version: -

Trust: 0.6

vendor:netbiter easyconnect ec150model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter modbus rtu tcp gateway mb100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter serial ethernet server ss100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter webscada ws100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter webscada ws200model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter nb100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter nb200model: - scope:eqversion:*

Trust: 0.4

sources: IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // CERT/CC: VU#114560 // CNVD: CNVD-2011-6677 // JVNDB: JVNDB-2011-001682 // CNNVD: CNNVD-201102-227 // NVD: CVE-2010-4732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4732
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#114560
value: 1.68

Trust: 0.8

NVD: CVE-2010-4732
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-6677
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201102-227
value: CRITICAL

Trust: 0.6

IVD: 480401ac-2355-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d7b301f-463f-11e9-9040-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-47337
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-4732
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-6677
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 480401ac-2355-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7b301f-463f-11e9-9040-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-47337
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // CERT/CC: VU#114560 // CNVD: CNVD-2011-6677 // VULHUB: VHN-47337 // JVNDB: JVNDB-2011-001682 // CNNVD: CNNVD-201102-227 // NVD: CVE-2010-4732

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-47337 // JVNDB: JVNDB-2011-001682 // NVD: CVE-2010-4732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-227

TYPE

Code injection

Trust: 1.0

sources: IVD: 480401ac-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // CNNVD: CNNVD-201102-227

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001682

PATCH
title:Top Pageurl:http://support.intellicom.se
Trust: 0.8
title:Patch for multiple cSC-bin/read.cgi remote code execution vulnerabilities in WebSCADAurl:https://www.cnvd.org.cn/patchInfo/show/37314
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-6677 // 
            
            
            
            JVNDB: JVNDB-2011-001682

EXTERNAL IDS
db:CERT/CCid:VU#114560
Trust: 3.9
db:NVDid:CVE-2010-4732
Trust: 3.5
db:ICS CERTid:ICSA-10-316-01A
Trust: 3.3
db:CNNVDid:CNNVD-201102-227
Trust: 1.1
db:CNVDid:CNVD-2011-6677
Trust: 1.0
db:JVNDBid:JVNDB-2011-001682
Trust: 0.8
db:BUGTRAQid:20101001 [STANKOINFORMZASCHITA-10-01] NETBITER, WEBSCADA MULTIPLE VULNERABILITIES
Trust: 0.6
db:IVDid:480401AC-2355-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:7D7B301F-463F-11E9-9040-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-47337
Trust: 0.1
sources:
            
            
            IVD: 480401ac-2355-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 7d7b301f-463f-11e9-9040-000c29342cb1 // 
            
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6677 // 
            
            
            
            VULHUB: VHN-47337 // 
            
            
            
            JVNDB: JVNDB-2011-001682 // 
            
            
            
            CNNVD: CNNVD-201102-227 // 
            
            
            
            NVD: CVE-2010-4732

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-10-316-01a.pdf
Trust: 3.3
url:http://www.kb.cert.org/vuls/id/114560
Trust: 3.1
url:http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html
Trust: 2.5
url:http://support.intellicom.se
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4732
Trust: 0.8
url:http://jvn.jp/cert/jvnvu114560
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4732
Trust: 0.8
sources:
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6677 // 
            
            
            
            VULHUB: VHN-47337 // 
            
            
            
            JVNDB: JVNDB-2011-001682 // 
            
            
            
            CNNVD: CNNVD-201102-227 // 
            
            
            
            NVD: CVE-2010-4732

SOURCES
db:IVDid:480401ac-2355-11e6-abef-000c29c66e3d
db:IVDid:7d7b301f-463f-11e9-9040-000c29342cb1
db:CERT/CCid:VU#114560
db:CNVDid:CNVD-2011-6677
db:VULHUBid:VHN-47337
db:JVNDBid:JVNDB-2011-001682
db:CNNVDid:CNNVD-201102-227
db:NVDid:CVE-2010-4732

LAST UPDATE DATE
2025-04-11T23:05:54.565000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#114560date:2011-02-23T00:00:00
db:CNVDid:CNVD-2011-6677date:2011-02-16T00:00:00
db:VULHUBid:VHN-47337date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001682date:2011-06-06T00:00:00
db:CNNVDid:CNNVD-201102-227date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4732date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:480401ac-2355-11e6-abef-000c29c66e3ddate:2011-02-16T00:00:00
db:IVDid:7d7b301f-463f-11e9-9040-000c29342cb1date:2011-02-16T00:00:00
db:CERT/CCid:VU#114560date:2011-02-03T00:00:00
db:CNVDid:CNVD-2011-6677date:2011-02-16T00:00:00
db:VULHUBid:VHN-47337date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001682date:2011-06-06T00:00:00
db:CNNVDid:CNNVD-201102-227date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4732date:2011-02-15T01:00:01.727