Sign-up

ID

VAR-201308-0171


CVE

CVE-2013-2802


TITLE

Sixnet Universal Protocol Undocumented Function code remote security bypass vulnerability

Trust: 0.8

sources: IVD: be59298e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12528

DESCRIPTION

The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. SIXNET is a long-established manufacturer of industrial automation and industrial Ethernet products. Since 1976, it has provided high quality control systems and industrial network communication products to users all over the world. The Sixnet Universal Protocol has a remote security bypass vulnerability. Both Sixnet UDR and RTU are products of SIXNET in the United States. UDR is a generic driver used in OPC servers. RTU is a data acquisition system suitable for energy metering and environmental monitoring. A security vulnerability exists in common protocol functions in versions prior to Sixnet UDR 2.0 and RTU firmware prior to 4.8

Trust: 2.7

sources: NVD: CVE-2013-2802 // JVNDB: JVNDB-2013-003840 // CNVD: CNVD-2013-12528 // BID: 61837 // IVD: be59298e-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-62804

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: be59298e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12528

AFFECTED PRODUCTS

vendor:sixnetmodel:udrscope:ltversion:2.0

Trust: 1.4

vendor:sixnetmodel:udrscope:lteversion:1.9

Trust: 1.0

vendor:sixnetmodel:rtuscope:lteversion:4.7

Trust: 1.0

vendor:sixnetmodel:industrial rtuscope:ltversion:4.8

Trust: 0.8

vendor:sixnetmodel:rtuscope:ltversion:4.8

Trust: 0.6

vendor:sixnetmodel:rtuscope:eqversion:4.7

Trust: 0.6

vendor:sixnetmodel:udrscope:eqversion:1.9

Trust: 0.6

vendor:udrmodel: - scope:eqversion:*

Trust: 0.2

vendor:rtumodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: be59298e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12528 // JVNDB: JVNDB-2013-003840 // CNNVD: CNNVD-201308-328 // NVD: CVE-2013-2802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2802
value: HIGH

Trust: 1.0

NVD: CVE-2013-2802
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-12528
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201308-328
value: CRITICAL

Trust: 0.6

IVD: be59298e-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-62804
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2802
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-12528
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: be59298e-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-62804
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: be59298e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-12528 // VULHUB: VHN-62804 // JVNDB: JVNDB-2013-003840 // CNNVD: CNNVD-201308-328 // NVD: CVE-2013-2802

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.1

sources: VULHUB: VHN-62804 // NVD: CVE-2013-2802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-328

TYPE

Code injection

Trust: 0.8

sources: IVD: be59298e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201308-328

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003840

PATCH
title:Top Pageurl:http://www.sixnet.com/index.cfm
Trust: 0.8
title:Sixnet Universal Protocol Undocumented function code remote security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/39096
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-12528 // 
            
            
            
            JVNDB: JVNDB-2013-003840

EXTERNAL IDS
db:NVDid:CVE-2013-2802
Trust: 3.6
db:ICS CERTid:ICSA-13-231-01
Trust: 3.1
db:BIDid:61837
Trust: 1.0
db:CNVDid:CNVD-2013-12528
Trust: 0.8
db:CNNVDid:CNNVD-201308-328
Trust: 0.8
db:JVNDBid:JVNDB-2013-003840
Trust: 0.8
db:IVDid:BE59298E-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-62804
Trust: 0.1
sources:
            
            
            IVD: be59298e-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-12528 // 
            
            
            
            VULHUB: VHN-62804 // 
            
            
            
            BID: 61837 // 
            
            
            
            JVNDB: JVNDB-2013-003840 // 
            
            
            
            CNNVD: CNNVD-201308-328 // 
            
            
            
            NVD: CVE-2013-2802

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-13-231-01
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2802
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2802
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2013-12528 // 
            
            
            
            VULHUB: VHN-62804 // 
            
            
            
            JVNDB: JVNDB-2013-003840 // 
            
            
            
            CNNVD: CNNVD-201308-328 // 
            
            
            
            NVD: CVE-2013-2802

CREDITS
Mehdi Sabraoui
Trust: 0.3
sources:
            
            
            BID: 61837

SOURCES
db:IVDid:be59298e-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-12528
db:VULHUBid:VHN-62804
db:BIDid:61837
db:JVNDBid:JVNDB-2013-003840
db:CNNVDid:CNNVD-201308-328
db:NVDid:CVE-2013-2802

LAST UPDATE DATE
2025-04-11T23:18:53.840000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-12528date:2013-08-26T00:00:00
db:VULHUBid:VHN-62804date:2013-08-23T00:00:00
db:BIDid:61837date:2013-08-19T00:00:00
db:JVNDBid:JVNDB-2013-003840date:2013-08-23T00:00:00
db:CNNVDid:CNNVD-201308-328date:2013-09-16T00:00:00
db:NVDid:CVE-2013-2802date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:be59298e-2352-11e6-abef-000c29c66e3ddate:2013-08-23T00:00:00
db:CNVDid:CNVD-2013-12528date:2013-08-23T00:00:00
db:VULHUBid:VHN-62804date:2013-08-21T00:00:00
db:BIDid:61837date:2013-08-19T00:00:00
db:JVNDBid:JVNDB-2013-003840date:2013-08-23T00:00:00
db:CNNVDid:CNNVD-201308-328date:2013-08-23T00:00:00
db:NVDid:CVE-2013-2802date:2013-08-21T21:55:06.040