Details of VAR-201410-1180

ID

VAR-201410-1180

CVE

CVE-2014-8329

TITLE

Schrack Emergency Lights System Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 68484 // CNNVD: CNNVD-201407-300

DESCRIPTION

Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt. Schrack Emergency Lights System is a set of emergency lighting system of Austria Schrack company. The system includes self-contained emergency luminaires, low power systems (LPS), and more. Schrack Emergency Lights System versions prior to 1.7.0 (937) have the following security vulnerabilities: 1. Insecure default password vulnerability 2. Authentication bypass vulnerability 3. HTML injection vulnerability 4. Information disclosure vulnerability. Attackers can use these vulnerabilities to bypass authentication mechanisms, perform unauthorized operations, obtain sensitive information, and execute arbitrary script code in the context of affected browsers. Steal cookie-based authentication. Multiple HTML-injection vulnerabilities 4. Schrack Technik microControl is a distributed power supply system (low power consumption system) of Schrack Technik Company in Austria

Trust: 2.52

sources: NVD: CVE-2014-8329 // JVNDB: JVNDB-2014-005017 // CNNVD: CNNVD-201407-300 // BID: 68484 // VULHUB: VHN-76274

AFFECTED PRODUCTS

vendor:	schrack	model:	technik microcontrol	scope:	lte	version:	1.7.0	Trust: 1.8
vendor:	schrack	model:	technik microcontrol	scope:	eq	version:	-	Trust: 1.0
vendor:	schrack	model:	technik microcontrol	scope:	-	version:	-	Trust: 0.8
vendor:	schrack	model:	technik microcontrol	scope:	eq	version:	1.7.0	Trust: 0.6

sources: JVNDB: JVNDB-2014-005017 // CNNVD: CNNVD-201410-985 // NVD: CVE-2014-8329

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8329
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8329
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201410-985
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76274
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8329
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-76274
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-76274 // JVNDB: JVNDB-2014-005017 // CNNVD: CNNVD-201410-985 // NVD: CVE-2014-8329

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-76274 // JVNDB: JVNDB-2014-005017 // NVD: CVE-2014-8329

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201410-985 // CNNVD: CNNVD-201407-300

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201410-985

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005017

PATCH

title:

Sicherheitsbeleuchtung

url:

http://www.schrack.at/shop/sicherheitsbeleuchtung.html

Trust: 0.8

sources: JVNDB: JVNDB-2014-005017

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8329	Trust: 2.8
db:	BID	id:	68484	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-005017	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-985	Trust: 0.7
db:	CNNVD	id:	CNNVD-201407-300	Trust: 0.6
db:	VULHUB	id:	VHN-76274	Trust: 0.1

sources: VULHUB: VHN-76274 // BID: 68484 // JVNDB: JVNDB-2014-005017 // CNNVD: CNNVD-201410-985 // CNNVD: CNNVD-201407-300 // NVD: CVE-2014-8329

REFERENCES

url:	http://seclists.org/fulldisclosure/2014/jul/40	Trust: 2.5
url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140710-2_schrack_technik_microcontrol_multiple_critical_vulnerabilities_v10.txt	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8329	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8329	Trust: 0.8
url:	http://www.securityfocus.com/bid/68484	Trust: 0.6

sources: VULHUB: VHN-76274 // JVNDB: JVNDB-2014-005017 // CNNVD: CNNVD-201410-985 // CNNVD: CNNVD-201407-300 // NVD: CVE-2014-8329

CREDITS

C. Kudera

Trust: 0.9

sources: BID: 68484 // CNNVD: CNNVD-201407-300

SOURCES

db:	VULHUB	id:	VHN-76274
db:	BID	id:	68484
db:	JVNDB	id:	JVNDB-2014-005017
db:	CNNVD	id:	CNNVD-201410-985
db:	CNNVD	id:	CNNVD-201407-300
db:	NVD	id:	CVE-2014-8329

LAST UPDATE DATE

2025-04-13T23:10:08.355000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-76274	date:	2014-10-23T00:00:00
db:	BID	id:	68484	date:	2014-10-21T16:00:00
db:	JVNDB	id:	JVNDB-2014-005017	date:	2014-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201410-985	date:	2014-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201407-300	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-8329	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-76274	date:	2014-10-20T00:00:00
db:	BID	id:	68484	date:	2014-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-005017	date:	2014-10-27T00:00:00
db:	CNNVD	id:	CNNVD-201410-985	date:	2014-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-300	date:	2014-07-14T00:00:00
db:	NVD	id:	CVE-2014-8329	date:	2014-10-20T15:55:05.010