Sign-up

ID

VAR-201603-0366


TITLE

Schneider Electric Automation Server Series has multiple vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-05106

DESCRIPTION

Schneider Electric Automation Server is a multifunctional automated deployment server from Schneider Electric of France. Schneider Electric Automation Server Series 1.7 and earlier versions have security bypass loopholes, operating system command injection loopholes, and elevation of privilege loopholes. Attackers can use these vulnerabilities to bypass security restrictions and execute arbitrary commands to gain privileges

Trust: 1.08

sources: CNVD: CNVD-2016-05106 // CNNVD: CNNVD-201607-402

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-05106

AFFECTED PRODUCTS

vendor:schneidermodel:electric automation server seriesscope:ltversion:1.7

Trust: 0.6

sources: CNVD: CNVD-2016-05106

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-05106
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-05106
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-05106

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-402

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201607-402

PATCH

title:Patch for Schneider Electric Automation Server Series has multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/79400

Trust: 0.6

sources: CNVD: CNVD-2016-05106

EXTERNAL IDS

db:BIDid:84136

Trust: 1.2

db:CNVDid:CNVD-2016-05106

Trust: 0.6

db:CNNVDid:CNNVD-201607-402

Trust: 0.6

sources: CNVD: CNVD-2016-05106 // CNNVD: CNNVD-201607-402

REFERENCES

url:http://www.securityfocus.com/bid/84136

Trust: 1.2

sources: CNVD: CNVD-2016-05106 // CNNVD: CNNVD-201607-402

CREDITS

Karn Ganeshen.

Trust: 0.6

sources: CNNVD: CNNVD-201607-402

SOURCES

db:CNVDid:CNVD-2016-05106
db:CNNVDid:CNNVD-201607-402

LAST UPDATE DATE

2022-05-17T02:09:47.521000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-05106date:2016-07-21T00:00:00
db:CNNVDid:CNNVD-201607-402date:2016-07-15T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-05106date:2016-07-21T00:00:00
db:CNNVDid:CNNVD-201607-402date:2016-03-01T00:00:00