Details of VAR-201208-0748

ID

VAR-201208-0748

TITLE

SPECVIEW Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4098

DESCRIPTION

SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW fails to properly filter the specially requested requests submitted by the user. The attacker can exploit the vulnerability for directory traversal attacks and view the contents of the system files with WEB permissions

Trust: 0.72

sources: CNVD: CNVD-2012-4098 // IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4098

AFFECTED PRODUCTS

vendor:	specview	model:	specview	scope:	-	version:	-	Trust: 0.6
vendor:	specview	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	specview	model:	null	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4098

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	4c335ba2-1f5d-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	4c335ba2-1f5d-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d

TYPE

Path traversal

Trust: 0.2

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d

EXTERNAL IDS

db:	CNVD	id:	CNVD-2012-4098	Trust: 0.8
db:	ICS CERT ALERT	id:	ICS-ALERT-12-214-01	Trust: 0.6
db:	IVD	id:	4C335BA2-1F5D-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 4c335ba2-1f5d-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4098

REFERENCES

url:

http://www.us-cert.gov/control_systems/pdf/ics-alert-12-214-01.pdf

Trust: 0.6

sources: CNVD: CNVD-2012-4098

SOURCES

db:	IVD	id:	4c335ba2-1f5d-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-4098

LAST UPDATE DATE

2022-05-17T02:10:42.163000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2012-4098

date:

2012-08-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	4c335ba2-1f5d-11e6-abef-000c29c66e3d	date:	2012-08-07T00:00:00
db:	CNVD	id:	CNVD-2012-4098	date:	2012-08-07T00:00:00