Search criteria
5 vulnerabilities found for SpecView by SpecView
VAR-201301-0096
Vulnerability from variot - Updated: 2023-12-18 14:02Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. SpecView is a SCADA software. SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW does not properly filter the specially requested requests submitted by users. SpecView is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "build",
"scope": "lte",
"trust": 1.4,
"vendor": "specview",
"version": "\u003c=2.5853"
},
{
"model": "specview",
"scope": "lte",
"trust": 1.0,
"vendor": "specview",
"version": "2.5"
},
{
"model": "specview",
"scope": "lte",
"trust": 0.8,
"vendor": "specview",
"version": "2.5 build 853"
},
{
"model": "specview",
"scope": "eq",
"trust": 0.6,
"vendor": "specview",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "specview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:specview:specview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54243"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-5972",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.7,
"id": "CNVD-2012-3475",
"impactScore": 0.0,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.7,
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d",
"impactScore": 0.0,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-5972",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-3475",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-553",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. SpecView is a SCADA software. SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW does not properly filter the specially requested requests submitted by users. SpecView is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nExploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5972",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-011-02",
"trust": 2.4
},
{
"db": "BID",
"id": "54243",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-3475",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-00456",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207",
"trust": 0.8
},
{
"db": "IVD",
"id": "45954F4E-1F62-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "21FE9DB6-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"id": "VAR-201301-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
}
],
"trust": 2.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
}
]
},
"last_update_date": "2023-12-18T14:02:06.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.specview.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-02.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5972"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5972"
},
{
"trust": 0.6,
"url": "http://aluigi.org/adv/specview_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txthttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54243"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-03T00:00:00",
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"date": "2013-01-23T00:00:00",
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"date": "2012-06-29T00:00:00",
"db": "BID",
"id": "54243"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"date": "2013-01-17T16:55:02.237000",
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"date": "2013-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"date": "2013-01-14T04:10:00",
"db": "BID",
"id": "54243"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"date": "2013-01-18T05:00:00",
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"date": "2013-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SpecView Web Server Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 1.0
}
}
VAR-201208-0748
Vulnerability from variot - Updated: 2022-05-17 02:10SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW fails to properly filter the specially requested requests submitted by the user. The attacker can exploit the vulnerability for directory traversal attacks and view the contents of the system files with WEB permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0748",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "specview",
"scope": null,
"trust": 0.6,
"vendor": "specview",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "specview",
"version": "*"
},
{
"model": "null",
"scope": "eq",
"trust": 0.2,
"vendor": "specview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW fails to properly filter the specially requested requests submitted by the user. The attacker can exploit the vulnerability for directory traversal attacks and view the contents of the system files with WEB permissions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4098"
},
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-4098",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-214-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "4C335BA2-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"id": "VAR-201208-0748",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"last_update_date": "2022-05-17T02:10:42.163000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-214-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SPECVIEW Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
],
"trust": 0.2
}
}
FKIE_CVE-2012-5972
Vulnerability from fkie_nvd - Published: 2013-01-17 16:55 - Updated: 2025-07-07 20:15
Severity ?
Summary
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:specview:specview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F754255-4F18-4A86-A430-92EBB188835F",
"versionEndIncluding": "2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor web en SpecView v2.5 build 853 y anteriores permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de un ... (Dot dot dot) en una URI."
}
],
"id": "CVE-2012-5972",
"lastModified": "2025-07-07T20:15:26.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-17T16:55:02.237",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2012-5972 (GCVE-0-2012-5972)
Vulnerability from cvelistv5 – Published: 2013-01-17 16:00 – Updated: 2025-07-07 19:55
VLAI?
Summary
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Luigi Auriemma identified a directory traversal vulnerability affecting SpecView
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpecView",
"vendor": "SpecView",
"versions": [
{
"lessThanOrEqual": "2.5 Build 853",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luigi Auriemma identified a directory traversal vulnerability affecting SpecView"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDirectory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.\u003c/p\u003e"
}
],
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T19:55:10.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability."
}
],
"source": {
"advisory": "ICSA-13-011-02",
"discovery": "EXTERNAL"
},
"title": "SpecView Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/specview_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-5972",
"datePublished": "2013-01-17T16:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2025-07-07T19:55:10.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5972 (GCVE-0-2012-5972)
Vulnerability from nvd – Published: 2013-01-17 16:00 – Updated: 2025-07-07 19:55
VLAI?
Summary
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Luigi Auriemma identified a directory traversal vulnerability affecting SpecView
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpecView",
"vendor": "SpecView",
"versions": [
{
"lessThanOrEqual": "2.5 Build 853",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luigi Auriemma identified a directory traversal vulnerability affecting SpecView"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDirectory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.\u003c/p\u003e"
}
],
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T19:55:10.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability."
}
],
"source": {
"advisory": "ICSA-13-011-02",
"discovery": "EXTERNAL"
},
"title": "SpecView Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/specview_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-5972",
"datePublished": "2013-01-17T16:00:00Z",
"dateReserved": "2012-11-21T00:00:00Z",
"dateUpdated": "2025-07-07T19:55:10.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}