Details of VAR-201702-0009

ID

VAR-201702-0009

CVE

CVE-2016-2274

TITLE

Adcon Telemetry A850 Telemetry Gateway Base Station of Web Interface cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007659

DESCRIPTION

An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Attackers can exploit this vulnerability to inject arbitrary JavaScript code, affecting data integrity

Trust: 2.07

sources: NVD: CVE-2016-2274 // JVNDB: JVNDB-2016-007659 // BID: 94781 // VULHUB: VHN-91093 // VULMON: CVE-2016-2274

AFFECTED PRODUCTS

vendor:	adcon telemetry	model:	a850 telemetry gateway	scope:	-	version:	-	Trust: 1.6
vendor:	adcon telemetry	model:	a850 telemetry gateway base station	scope:	eq	version:	-	Trust: 1.6
vendor:	adcon	model:	telemetry a850 telemetry gateway base station	scope:	eq	version:	0	Trust: 0.3

sources: BID: 94781 // JVNDB: JVNDB-2016-007659 // CNNVD: CNNVD-201612-233 // NVD: CVE-2016-2274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2274
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-2274
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-233
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-91093
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-2274
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-2274
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-91093
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2274
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-91093 // VULMON: CVE-2016-2274 // JVNDB: JVNDB-2016-007659 // CNNVD: CNNVD-201612-233 // NVD: CVE-2016-2274

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-91093 // JVNDB: JVNDB-2016-007659 // NVD: CVE-2016-2274

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-233

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007659

PATCH

title:	A850 Telemetry Gateway	url:	http://www.adcon.com/products/base-stations-283/a850-telemetry-gateway-1497/	Trust: 0.8
title:	Adcon Telemetry A850 Telemetry Gateway Base Station Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66270	Trust: 0.6

sources: JVNDB: JVNDB-2016-007659 // CNNVD: CNNVD-201612-233

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2274	Trust: 2.9
db:	ICS CERT	id:	ICSA-16-343-03	Trust: 2.9
db:	BID	id:	94781	Trust: 1.5
db:	JVNDB	id:	JVNDB-2016-007659	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-233	Trust: 0.7
db:	VULHUB	id:	VHN-91093	Trust: 0.1
db:	VULMON	id:	CVE-2016-2274	Trust: 0.1

sources: VULHUB: VHN-91093 // VULMON: CVE-2016-2274 // BID: 94781 // JVNDB: JVNDB-2016-007659 // CNNVD: CNNVD-201612-233 // NVD: CVE-2016-2274

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-343-03	Trust: 2.9
url:	http://www.securityfocus.com/bid/94781	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2274	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2274	Trust: 0.8
url:	http://www.adcon.at/index.php?option=com_content&view=article&id=75:a850-telemetry-gateway&catid=8&itemid=196&lang=en	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-91093 // VULMON: CVE-2016-2274 // BID: 94781 // JVNDB: JVNDB-2016-007659 // CNNVD: CNNVD-201612-233 // NVD: CVE-2016-2274

CREDITS

Aditya K. Sood

Trust: 0.3

sources: BID: 94781

SOURCES

db:	VULHUB	id:	VHN-91093
db:	VULMON	id:	CVE-2016-2274
db:	BID	id:	94781
db:	JVNDB	id:	JVNDB-2016-007659
db:	CNNVD	id:	CNNVD-201612-233
db:	NVD	id:	CVE-2016-2274

LAST UPDATE DATE

2025-04-20T23:38:37.875000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-91093	date:	2017-02-17T00:00:00
db:	VULMON	id:	CVE-2016-2274	date:	2017-02-17T00:00:00
db:	BID	id:	94781	date:	2016-12-20T01:08:00
db:	JVNDB	id:	JVNDB-2016-007659	date:	2017-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201612-233	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-2274	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-91093	date:	2017-02-13T00:00:00
db:	VULMON	id:	CVE-2016-2274	date:	2017-02-13T00:00:00
db:	BID	id:	94781	date:	2016-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-007659	date:	2017-03-09T00:00:00
db:	CNNVD	id:	CNNVD-201612-233	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-2274	date:	2017-02-13T21:59:00.157