ID

VAR-201304-0443


TITLE

Clorius Controls ICS SCADA Information Disclosure Vulnerability

Trust: 1.7

sources: IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02636 // BID: 58800 // CNNVD: CNNVD-201304-122

DESCRIPTION

Clorius Controls ICS SCADA is industrial control system software. It fails to properly restrict access to the /html/info.html URL, so a remote attacker can request that page directly and obtain internal IP addresses, MAC addresses, and firmware version information. Attackers can use this information disclosure vulnerability to gain potentially sensitive information.

Trust: 1.53

sources: CNVD: CNVD-2013-02636 // CNNVD: CNNVD-201304-122 // BID: 58800 // IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02636

AFFECTED PRODUCTS

vendor: clorius, model: controls a/s ics scada, scope: eq, version: 00.00.0095

Trust: 1.1

vendor: clorius, model: controls a/s ics scada, scope: eq, version: 00.00.0110

Trust: 0.9

vendor: clorius, model: controls a/s ics scada, scope: eq, version: 00.00.0110*

Trust: 0.2

sources: IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02636 // BID: 58800

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02636
value: MEDIUM

Trust: 0.6

IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-02636
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02636

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-122

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201304-122

EXTERNAL IDS

db: BID, id: 58800

Trust: 1.5

db: ICS CERT ALERT, id: ICS-ALERT-13-091-02

Trust: 0.9

db: CNVD, id: CNVD-2013-02636

Trust: 0.8

db: CNNVD, id: CNNVD-201304-122

Trust: 0.6

db: IVD, id: 9E4CB01C-1F2D-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02636 // BID: 58800 // CNNVD: CNNVD-201304-122

REFERENCES

url: http://ics-cert.us-cert.gov/pdf/ics-alert-13-091-02.pdf

Trust: 0.9

url: http://dariusfreamon.wordpress.com/2013/03/11/two-minor-vulnerabilities-in-clorius-controls-ics-scada/

Trust: 0.9

url: http://www.securityfocus.com/bid/58800

Trust: 0.6

url: http://www.cloriuscontrols.com/

Trust: 0.3

sources: CNVD: CNVD-2013-02636 // BID: 58800 // CNNVD: CNNVD-201304-122

CREDITS

Darius Freamon

Trust: 0.9

sources: BID: 58800 // CNNVD: CNNVD-201304-122

SOURCES

db: IVD, id: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-02636
db: BID, id: 58800
db: CNNVD, id: CNNVD-201304-122

LAST UPDATE DATE

2022-05-17T02:10:40.314000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02636, date: 2013-04-07T00:00:00
db: BID, id: 58800, date: 2013-04-01T00:00:00
db: CNNVD, id: CNNVD-201304-122, date: 2013-04-12T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 9e4cb01c-1f2d-11e6-abef-000c29c66e3d, date: 2013-04-07T00:00:00
db: CNVD, id: CNVD-2013-02636, date: 2013-04-07T00:00:00
db: BID, id: 58800, date: 2013-04-01T00:00:00
db: CNNVD, id: CNNVD-201304-122, date: 2013-04-12T00:00:00