Details of VAR-201905-0056

ID

VAR-201905-0056

CVE

CVE-2019-9106

TITLE

SAET Impianti Speciali TEBE Small Device and WebApp Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004977

DESCRIPTION

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. SAET Impianti Speciali TEBE Small Device and WebApp Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAET Impianti Speciali TEBE Small is a set of physical access control system of Italy SAET company. WebApp is one of the web-based management programs. A security vulnerability exists in WebApp v04.68 in SAET Impianti Speciali TEBE Small 05.01 build 1137

Trust: 1.8

sources: NVD: CVE-2019-9106 // JVNDB: JVNDB-2019-004977 // VULHUB: VHN-160541 // VULMON: CVE-2019-9106

AFFECTED PRODUCTS

vendor:	saet	model:	webapp	scope:	eq	version:	04.68	Trust: 1.8
vendor:	saet	model:	tebe small	scope:	eq	version:	05.01	Trust: 1.0
vendor:	saet	model:	tebe small	scope:	eq	version:	05.01 build 1137	Trust: 0.8

sources: JVNDB: JVNDB-2019-004977 // NVD: CVE-2019-9106

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9106
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-9106
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201905-1231
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-160541
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-9106
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-9106
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-160541
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-9106
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-160541 // VULMON: CVE-2019-9106 // JVNDB: JVNDB-2019-004977 // CNNVD: CNNVD-201905-1231 // NVD: CVE-2019-9106

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-160541 // JVNDB: JVNDB-2019-004977 // NVD: CVE-2019-9106

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-1231

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201905-1231

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004977

PATCH

title:

TEBE CRESCE E SI FA PICCOLA

url:

https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-004977

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9106	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-004977	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-1231	Trust: 0.7
db:	VULHUB	id:	VHN-160541	Trust: 0.1
db:	VULMON	id:	CVE-2019-9106	Trust: 0.1

sources: VULHUB: VHN-160541 // VULMON: CVE-2019-9106 // JVNDB: JVNDB-2019-004977 // CNNVD: CNNVD-201905-1231 // NVD: CVE-2019-9106

REFERENCES

url:	https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/	Trust: 2.6
url:	https://www.saet.org/wp-content/uploads/2017/04/depliant_tebe-tebe_small.pdf	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9106	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9106	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-160541 // VULMON: CVE-2019-9106 // JVNDB: JVNDB-2019-004977 // CNNVD: CNNVD-201905-1231 // NVD: CVE-2019-9106

SOURCES

db:	VULHUB	id:	VHN-160541
db:	VULMON	id:	CVE-2019-9106
db:	JVNDB	id:	JVNDB-2019-004977
db:	CNNVD	id:	CNNVD-201905-1231
db:	NVD	id:	CVE-2019-9106

LAST UPDATE DATE

2024-11-23T21:59:58.776000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160541	date:	2019-06-03T00:00:00
db:	VULMON	id:	CVE-2019-9106	date:	2019-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-004977	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1231	date:	2019-06-04T00:00:00
db:	NVD	id:	CVE-2019-9106	date:	2024-11-21T04:50:59.690

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160541	date:	2019-05-31T00:00:00
db:	VULMON	id:	CVE-2019-9106	date:	2019-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2019-004977	date:	2019-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201905-1231	date:	2019-05-31T00:00:00
db:	NVD	id:	CVE-2019-9106	date:	2019-05-31T22:29:01.410