Sign-up

ID

VAR-201102-0174


CVE

CVE-2010-4733


TITLE

WebSCADA Multiple Product Weak Password Vulnerabilities

Trust: 1.6

sources: IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // CNVD: CNVD-2011-6676 // CNNVD: CNNVD-201102-228

DESCRIPTION

WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms have a default username and password, which makes it easier for remote attackers to obtain superadmin access via the web interface, a different vulnerability than CVE-2009-4463. IntelliCom NetBiter NB100 and NB200 There are multiple vulnerabilities in products that run on the platform, including directory traversal. Other NB100 and NB200 Products that run on the platform may also be affected.By a third party with access to the product, superadmin Authority (Netbiter Top-level permissions ) By acquiring, system files and configuration files may be browsed. In addition, an arbitrary command may be executed by uploading malicious code. A remote attacker can gain access to the super administrator through the web interface

Trust: 3.33

sources: NVD: CVE-2010-4733 // CERT/CC: VU#114560 // JVNDB: JVNDB-2011-001155 // CNVD: CNVD-2011-6676 // IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // VULHUB: VHN-47338

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // CNVD: CNVD-2011-6676

AFFECTED PRODUCTS

vendor:intellicommodel:netbiter serial ethernet server ss100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter easyconnect ec150scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter nb200scope:eqversion:*

Trust: 1.0

vendor:intellicommodel:netbiter webscada ws200scope:eqversion:*

Trust: 1.0

vendor:intellicom innovation abmodel: - scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter easy connect ec150scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter modbus rtu - tcp gateway mb100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws100scope: - version: -

Trust: 0.8

vendor:intellicom innovation abmodel:netbiter webscada ws200scope: - version: -

Trust: 0.8

vendor:webscadamodel:ws200scope: - version: -

Trust: 0.6

vendor:webscadamodel:ws100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws200scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter easyconnect ec150scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter serial ethernet server ss100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter modbus rtu-tcp gateway mb100scope: - version: -

Trust: 0.6

vendor:intellicommodel:netbiter webscada ws100scope: - version: -

Trust: 0.6

vendor:netbiter easyconnect ec150model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter modbus rtu tcp gateway mb100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter serial ethernet server ss100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter webscada ws100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter webscada ws200model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter nb100model: - scope:eqversion:*

Trust: 0.4

vendor:netbiter nb200model: - scope:eqversion:*

Trust: 0.4

sources: IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // CERT/CC: VU#114560 // CNVD: CNVD-2011-6676 // JVNDB: JVNDB-2011-001155 // CNNVD: CNNVD-201102-228 // NVD: CVE-2010-4733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4733
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#114560
value: 1.68

Trust: 0.8

NVD: CVE-2010-4733
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-6676
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201102-228
value: CRITICAL

Trust: 0.6

IVD: 4869abe2-2355-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-47338
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-4733
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-6676
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4869abe2-2355-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-47338
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // CERT/CC: VU#114560 // CNVD: CNVD-2011-6676 // VULHUB: VHN-47338 // JVNDB: JVNDB-2011-001155 // CNNVD: CNNVD-201102-228 // NVD: CVE-2010-4733

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-47338 // JVNDB: JVNDB-2011-001155 // NVD: CVE-2010-4733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-228

TYPE

Trust management

Trust: 1.0

sources: IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // CNNVD: CNNVD-201102-228

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001155

PATCH
title:Netbiter webSCADA WS100 - Supporturl:http://support.intellicom.se/dynpage.cfm?FPID=85&CatID=93&SubCatID=297
Trust: 0.8
title:Intellicom Innovation AB - SUPPORTurl:http://support.intellicom.se
Trust: 0.8
title:WebSCADA patch for multiple product weak password vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/37313
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-6676 // 
            
            
            
            JVNDB: JVNDB-2011-001155

EXTERNAL IDS
db:NVDid:CVE-2010-4733
Trust: 3.5
db:ICS CERTid:ICSA-10-316-01A
Trust: 3.3
db:CERT/CCid:VU#114560
Trust: 1.6
db:CNNVDid:CNNVD-201102-228
Trust: 1.1
db:CNVDid:CNVD-2011-6676
Trust: 1.0
db:JVNDBid:JVNDB-2011-001155
Trust: 0.8
db:BUGTRAQid:20101001 [STANKOINFORMZASCHITA-10-01] NETBITER, WEBSCADA MULTIPLE VULNERABILITIES
Trust: 0.6
db:IVDid:4869ABE2-2355-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:7D7B301E-463F-11E9-BB33-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-47338
Trust: 0.1
sources:
            
            
            IVD: 4869abe2-2355-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 7d7b301e-463f-11e9-bb33-000c29342cb1 // 
            
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6676 // 
            
            
            
            VULHUB: VHN-47338 // 
            
            
            
            JVNDB: JVNDB-2011-001155 // 
            
            
            
            CNNVD: CNNVD-201102-228 // 
            
            
            
            NVD: CVE-2010-4733

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-10-316-01a.pdf
Trust: 3.3
url:http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html
Trust: 2.5
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4733
Trust: 1.4
url:http://support.intellicom.se
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4733
Trust: 0.8
url:http://jvn.jp/cert/jvnvu114560
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/114560
Trust: 0.8
sources:
            
            
            CERT/CC: VU#114560 // 
            
            
            
            CNVD: CNVD-2011-6676 // 
            
            
            
            VULHUB: VHN-47338 // 
            
            
            
            JVNDB: JVNDB-2011-001155 // 
            
            
            
            CNNVD: CNNVD-201102-228 // 
            
            
            
            NVD: CVE-2010-4733

SOURCES
db:IVDid:4869abe2-2355-11e6-abef-000c29c66e3d
db:IVDid:7d7b301e-463f-11e9-bb33-000c29342cb1
db:CERT/CCid:VU#114560
db:CNVDid:CNVD-2011-6676
db:VULHUBid:VHN-47338
db:JVNDBid:JVNDB-2011-001155
db:CNNVDid:CNNVD-201102-228
db:NVDid:CVE-2010-4733

LAST UPDATE DATE
2025-04-11T23:05:54.523000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#114560date:2011-02-23T00:00:00
db:CNVDid:CNVD-2011-6676date:2011-02-16T00:00:00
db:VULHUBid:VHN-47338date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001155date:2011-03-04T00:00:00
db:CNNVDid:CNNVD-201102-228date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4733date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:4869abe2-2355-11e6-abef-000c29c66e3ddate:2011-02-16T00:00:00
db:IVDid:7d7b301e-463f-11e9-bb33-000c29342cb1date:2011-02-16T00:00:00
db:CERT/CCid:VU#114560date:2011-02-03T00:00:00
db:CNVDid:CNVD-2011-6676date:2011-02-16T00:00:00
db:VULHUBid:VHN-47338date:2011-02-15T00:00:00
db:JVNDBid:JVNDB-2011-001155date:2011-03-04T00:00:00
db:CNNVDid:CNNVD-201102-228date:2011-02-16T00:00:00
db:NVDid:CVE-2010-4733date:2011-02-15T01:00:01.853