Details of VAR-201102-0197

ID

VAR-201102-0197

CVE

CVE-2010-4730

TITLE

WebSCADA Multiple products cgi-bin/read.cgi Directory Traversal Vulnerability

Trust: 1.6

sources: IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-6679 // CNNVD: CNNVD-201102-225

DESCRIPTION

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463. IntelliCom NetBiter NB100 and NB200 Multiple running on the platform IntelliCom Product cgi-bin/read.cgi Contains a directory traversal vulnerability

Trust: 3.33

sources: NVD: CVE-2010-4730 // CERT/CC: VU#114560 // JVNDB: JVNDB-2011-001681 // CNVD: CNVD-2011-6679 // IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-47335

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-6679

AFFECTED PRODUCTS

vendor:	intellicom	model:	netbiter serial ethernet server ss100	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter webscada ws100	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter easyconnect ec150	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter nb100	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter modbus rtu-tcp gateway mb100	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter nb200	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom	model:	netbiter webscada ws200	scope:	eq	version:	*	Trust: 1.0
vendor:	intellicom innovation ab	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom innovation ab	model:	netbiter easy connect ec150	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom innovation ab	model:	netbiter modbus rtu - tcp gateway mb100	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom innovation ab	model:	netbiter serial ethernet server ss100	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom innovation ab	model:	netbiter webscada ws100	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom innovation ab	model:	netbiter webscada ws200	scope:	-	version:	-	Trust: 0.8
vendor:	intellicom	model:	netbiter nb200	scope:	-	version:	-	Trust: 0.6
vendor:	intellicom	model:	netbiter webscada ws200	scope:	-	version:	-	Trust: 0.6
vendor:	intellicom	model:	netbiter easyconnect ec150	scope:	-	version:	-	Trust: 0.6
vendor:	intellicom	model:	netbiter serial ethernet server ss100	scope:	-	version:	-	Trust: 0.6
vendor:	intellicom	model:	netbiter modbus rtu-tcp gateway mb100	scope:	-	version:	-	Trust: 0.6
vendor:	intellicom	model:	netbiter webscada ws100	scope:	-	version:	-	Trust: 0.6
vendor:	netbiter easyconnect ec150	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter modbus rtu tcp gateway mb100	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter serial ethernet server ss100	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter webscada ws100	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter webscada ws200	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter nb100	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	netbiter nb200	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#114560 // CNVD: CNVD-2011-6679 // JVNDB: JVNDB-2011-001681 // CNNVD: CNNVD-201102-225 // NVD: CVE-2010-4730

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4730
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#114560
value:	1.68
Trust: 0.8
NVD:	CVE-2010-4730
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2011-6679
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201102-225
value:	MEDIUM
Trust: 0.6
IVD:	7d7b090f-463f-11e9-91e5-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	47bc253a-2355-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-47335
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-4730
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2011-6679
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d7b090f-463f-11e9-91e5-000c29342cb1
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	47bc253a-2355-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-47335
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#114560 // CNVD: CNVD-2011-6679 // VULHUB: VHN-47335 // JVNDB: JVNDB-2011-001681 // CNNVD: CNNVD-201102-225 // NVD: CVE-2010-4730

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-47335 // JVNDB: JVNDB-2011-001681 // NVD: CVE-2010-4730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201102-225

TYPE

Path traversal

Trust: 1.0

sources: IVD: 7d7b090f-463f-11e9-91e5-000c29342cb1 // IVD: 47bc253a-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201102-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001681

PATCH

title:	Top Page	url:	http://support.intellicom.se	Trust: 0.8
title:	WebSCADA multiple products cgi-bin/read.cgi directory traversal vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/36987	Trust: 0.6

sources: CNVD: CNVD-2011-6679 // JVNDB: JVNDB-2011-001681

EXTERNAL IDS

db:	NVD	id:	CVE-2010-4730	Trust: 3.5
db:	ICS CERT	id:	ICSA-10-316-01A	Trust: 3.3
db:	CERT/CC	id:	VU#114560	Trust: 3.3
db:	CNNVD	id:	CNNVD-201102-225	Trust: 1.1
db:	CNVD	id:	CNVD-2011-6679	Trust: 1.0
db:	JVNDB	id:	JVNDB-2011-001681	Trust: 0.8
db:	BUGTRAQ	id:	20101001 [STANKOINFORMZASCHITA-10-01] NETBITER, WEBSCADA MULTIPLE VULNERABILITIES	Trust: 0.6
db:	IVD	id:	7D7B090F-463F-11E9-91E5-000C29342CB1	Trust: 0.2
db:	IVD	id:	47BC253A-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-47335	Trust: 0.1

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-10-316-01a.pdf	Trust: 3.3
url:	http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/114560	Trust: 2.5
url:	http://support.intellicom.se	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4730	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu114560	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4730	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2010-4730	Trust: 0.6

sources: CERT/CC: VU#114560 // CNVD: CNVD-2011-6679 // VULHUB: VHN-47335 // JVNDB: JVNDB-2011-001681 // CNNVD: CNNVD-201102-225 // NVD: CVE-2010-4730

SOURCES

db:	IVD	id:	7d7b090f-463f-11e9-91e5-000c29342cb1
db:	IVD	id:	47bc253a-2355-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#114560
db:	CNVD	id:	CNVD-2011-6679
db:	VULHUB	id:	VHN-47335
db:	JVNDB	id:	JVNDB-2011-001681
db:	CNNVD	id:	CNNVD-201102-225
db:	NVD	id:	CVE-2010-4730

LAST UPDATE DATE

2025-04-11T23:05:54.608000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#114560	date:	2011-02-23T00:00:00
db:	CNVD	id:	CNVD-2011-6679	date:	2011-02-16T00:00:00
db:	VULHUB	id:	VHN-47335	date:	2011-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-001681	date:	2011-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201102-225	date:	2011-02-16T00:00:00
db:	NVD	id:	CVE-2010-4730	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	7d7b090f-463f-11e9-91e5-000c29342cb1	date:	2011-02-16T00:00:00
db:	IVD	id:	47bc253a-2355-11e6-abef-000c29c66e3d	date:	2011-02-16T00:00:00
db:	CERT/CC	id:	VU#114560	date:	2011-02-03T00:00:00
db:	CNVD	id:	CNVD-2011-6679	date:	2011-02-16T00:00:00
db:	VULHUB	id:	VHN-47335	date:	2011-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-001681	date:	2011-06-06T00:00:00
db:	CNNVD	id:	CNNVD-201102-225	date:	2011-02-16T00:00:00
db:	NVD	id:	CVE-2010-4730	date:	2011-02-15T01:00:01.477