Details of VAR-201405-0556

ID

VAR-201405-0556

TITLE

ABB UNITROL 1000 Series Commissioning and Maintenance Tool Arbitrary file coverage vulnerability

Trust: 1.6

sources: IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02840 // CNNVD: CNNVD-201405-068

DESCRIPTION

ABB UNITROL 1000 series commissioning and maintenance tool ActiveX control is a set of tools for system debugging and maintenance of UNITROL 1000 series equipment by Swiss ABB company. An arbitrary file coverage vulnerability exists in the ABB UNITROL 1000 series commissioning and maintenance tool ActiveX control. An attacker could use this vulnerability to overwrite arbitrary files in the context of a Web page using the control

Trust: 1.71

sources: CNVD: CNVD-2014-02840 // CNNVD: CNNVD-201405-068 // BID: 67206 // IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02840

AFFECTED PRODUCTS

vendor:	abb	model:	unitrol series commissioning and maintenance	scope:	eq	version:	10005.x	Trust: 1.0
vendor:	abb	model:	unitrol series commissioning and maintenance	scope:	eq	version:	10004.x	Trust: 0.6
vendor:	abb	model:	unitrol series commissioning and maintenance	scope:	eq	version:	10006.x	Trust: 0.6
vendor:	abb	model:	unitrol series commissioning and maintenance	scope:	eq	version:	10004.x*	Trust: 0.4
vendor:	abb	model:	unitrol series commissioning and maintenance	scope:	eq	version:	10006.x*	Trust: 0.4

sources: IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02840

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-02840
value:	MEDIUM
Trust: 0.6
IVD:	7d714510-463f-11e9-b944-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	f46f43b4-1ed9-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

CNVD:	CNVD-2014-02840
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d714510-463f-11e9-b944-000c29342cb1
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	f46f43b4-1ed9-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02840

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-068

TYPE

Input validation

Trust: 0.8

sources: IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201405-068

PATCH

title:

ABB UNITROL 1000 Series Commissioning and Maintenance Tool patch for any file coverage vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/45394

Trust: 0.6

sources: CNVD: CNVD-2014-02840

EXTERNAL IDS

db:	BID	id:	67206	Trust: 1.5
db:	CNVD	id:	CNVD-2014-02840	Trust: 1.0
db:	CNNVD	id:	CNNVD-201405-068	Trust: 0.6
db:	IVD	id:	7D714510-463F-11E9-B944-000C29342CB1	Trust: 0.2
db:	IVD	id:	F46F43B4-1ED9-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 7d714510-463f-11e9-b944-000c29342cb1 // IVD: f46f43b4-1ed9-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02840 // BID: 67206 // CNNVD: CNNVD-201405-068

REFERENCES

url:	http://www.securelist.com/en/advisories/58443	Trust: 0.6
url:	http://www.securityfocus.com/bid/67206	Trust: 0.6

sources: CNVD: CNVD-2014-02840 // CNNVD: CNNVD-201405-068

CREDITS

ABB

Trust: 0.9

sources: BID: 67206 // CNNVD: CNNVD-201405-068

SOURCES

db:	IVD	id:	7d714510-463f-11e9-b944-000c29342cb1
db:	IVD	id:	f46f43b4-1ed9-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02840
db:	BID	id:	67206
db:	CNNVD	id:	CNNVD-201405-068

LAST UPDATE DATE

2022-05-17T01:51:10.078000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02840	date:	2014-05-07T00:00:00
db:	BID	id:	67206	date:	2014-05-05T00:00:00
db:	CNNVD	id:	CNNVD-201405-068	date:	2014-05-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	7d714510-463f-11e9-b944-000c29342cb1	date:	2014-05-07T00:00:00
db:	IVD	id:	f46f43b4-1ed9-11e6-abef-000c29c66e3d	date:	2014-05-07T00:00:00
db:	CNVD	id:	CNVD-2014-02840	date:	2014-05-07T00:00:00
db:	BID	id:	67206	date:	2014-05-05T00:00:00
db:	CNNVD	id:	CNNVD-201405-068	date:	2014-05-07T00:00:00