
14 vulnerabilities found for WebCTRL by Automated Logic

CVE-2024-5540 (GCVE-0-2024-5540)

Vulnerability from cvelistv5 – Published: 2025-11-27 01:02 – Updated: 2025-11-28 19:34
Summary
The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels, allowing a malicious actor to compromise the client browser.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCTRL Affected: 0 , < 8.0 (custom)
    Carrier i-Vu Affected: 0 , < 8.0 (custom)
Credits
Steve Knabe from Praetorian; Inacio Santos

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:21.441387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:17.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCTRL",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThan": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThan": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Steve Knabe from Praetorian"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Inacio Santos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a \n\nmalicious actor to compromise the client browser\n\n.\u0026nbsp;\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a \n\nmalicious actor to compromise the client browser\n\n."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:02:48.953Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu.\u0026nbsp;\u0026nbsp;"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-5540",
    "datePublished": "2025-11-27T01:02:48.953Z",
    "dateReserved": "2024-05-30T17:38:50.120Z",
    "dateUpdated": "2025-11-28T19:34:17.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-5539 (GCVE-0-2024-5539)

Vulnerability from cvelistv5 – Published: 2025-11-27 01:02 – Updated: 2025-11-28 19:34
Summary
The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web based building automation server.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCTRL Affected: 0 , ≤ 8.5 (custom)
    Carrier i-Vu Affected: 0 , ≤ 8.5 (custom)
Credits
Steve Knabe from Praetorian

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:22.845542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:22.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCTRL",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Steve Knabe from Praetorian"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the \n\n\u003ci\u003eweb based building automation server.\u003c/i\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the \n\nweb based building automation server."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:02:30.525Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu. \u0026nbsp;\n\n\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu Access Control Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-5539",
    "datePublished": "2025-11-27T01:02:30.525Z",
    "dateReserved": "2024-05-30T17:38:43.955Z",
    "dateUpdated": "2025-11-28T19:34:22.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0657 (GCVE-0-2025-0657)

Vulnerability from cvelistv5 – Published: 2025-11-27 01:00 – Updated: 2025-11-28 19:34
Summary
A weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380 allows malformed packets sent through the BACnet MS/TP network to cause the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.
CWE
  • CWE-129 - Improper Validation of Array Index
  • CWE-248 - Uncaught Exception
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 0 , ≤ 8.5 (custom)
    Automated Logic Gen5 Controllers Affected: 0 , ≤ drv_gen5_108-04-20120 (custom)
    Carrier i-Vu Affected: 0 , ≤ 8.5 (custom)
Credits
Christopher Morales Gonzalez

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:24.308783Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:27.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gen5 Controllers",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "drv_gen5_108-04-20120",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Christopher Morales Gonzalez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cbr\u003e\u003ctable\u003e\n \n \u003ctbody\u003e\u003ctr\u003e\n\n  \u003ctd\u003eA weakness in Automated Logic and Carrier i-Vu Gen5 router on driver\n  version  drv_gen5_106-01-2380, allows\n  malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to\n  return the device to network visibility.\u003c/td\u003e\n\n \u003c/tr\u003e\n\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver\n  version  drv_gen5_106-01-2380, allows\n  malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to\n  return the device to network visibility."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:00:59.653Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThese vulnerabilities have\nbeen remediated in cumulative releases for versions 8.5, 9.0, and Gen5 driver\nversion drv_gen5_108-04-20120\nor later.\u0026nbsp;\u003c/p\u003e\n\n\n\nSupport for versions 8.0,\n7.0,6.5, 6.1, 6.0 has expired.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "These vulnerabilities have\nbeen remediated in cumulative releases for versions 8.5, 9.0, and Gen5 driver\nversion drv_gen5_108-04-20120\nor later.\u00a0\n\n\n\n\n\nSupport for versions 8.0,\n7.0,6.5, 6.1, 6.0 has expired."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2025-0657",
    "datePublished": "2025-11-27T01:00:59.653Z",
    "dateReserved": "2025-01-22T20:22:14.084Z",
    "dateUpdated": "2025-11-28T19:34:27.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8528 (GCVE-0-2024-8528)

Vulnerability from cvelistv5 – Published: 2025-11-19 13:18 – Updated: 2025-11-19 15:15
Summary
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-Vu can allow delivery of a malicious payload because a specific GET parameter is not sanitized.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 6.0 , ≤ 9.0 (semver)
    Carrier i-Vu Affected: 6.0 , ≤ 9.0 (semver)
Credits
Jaryl Low; Thuy D. Nguyen; Cynthia E. Irvine

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T15:13:38.562324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T15:15:57.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jaryl Low"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Thuy D. Nguyen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Cynthia E. Irvine"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized."
            }
          ],
          "value": "Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T13:18:35.293Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "These\nvulnerabilities have been remediated in cumulative releases for versions 8.0,\n8.5, and 9.0. Please be aware that WebCTRL and i-Vu versions 7.0, 6.5, and 6.1 are no longer supported. To\nsafeguard against these vulnerabilities, upgrading to the latest WebCTRL and i-Vu software is strongly recommended.\u0026nbsp;\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "These\nvulnerabilities have been remediated in cumulative releases for versions 8.0,\n8.5, and 9.0. Please be aware that WebCTRL and i-Vu versions 7.0, 6.5, and 6.1 are no longer supported. To\nsafeguard against these vulnerabilities, upgrading to the latest WebCTRL and i-Vu software is strongly recommended."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-8528",
    "datePublished": "2025-11-19T13:18:35.293Z",
    "dateReserved": "2024-09-06T16:01:34.807Z",
    "dateUpdated": "2025-11-19T15:15:57.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8527 (GCVE-0-2024-8527)

Vulnerability from cvelistv5 – Published: 2025-11-19 13:17 – Updated: 2025-11-19 16:05
Summary
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 6.0 , ≤ 9.0 (semver)
    Carrier i-Vu Affected: 6.0 , ≤ 9.0 (semver)
Credits
Jaryl Low; Thuy D. Nguyen; Cynthia E. Irvine

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:04:40.466031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:05:46.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jaryl Low"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Thuy D. Nguyen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Cynthia E. Irvine"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
            }
          ],
          "value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T13:17:01.911Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu. \u0026nbsp;\n\n\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-8527",
    "datePublished": "2025-11-19T13:17:01.911Z",
    "dateReserved": "2024-09-06T16:01:32.884Z",
    "dateUpdated": "2025-11-19T16:05:46.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-5540 (GCVE-0-2024-5540)

Vulnerability from nvd – Published: 2025-11-27 01:02 – Updated: 2025-11-28 19:34
Summary
The reflected cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects the login panels, allowing a malicious actor to compromise the client browser.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCTRL Affected: 0 , < 8.0 (custom)
    Carrier i-Vu Affected: 0 , < 8.0 (custom)
Credits
Steve Knabe from Praetorian; Inacio Santos

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:21.441387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:17.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCTRL",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThan": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThan": "8.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Steve Knabe from Praetorian"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Inacio Santos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a \n\nmalicious actor to compromise the client browser\n\n.\u0026nbsp;\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a \n\nmalicious actor to compromise the client browser\n\n."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:02:48.953Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu.\u0026nbsp;\u0026nbsp;"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-5540",
    "datePublished": "2025-11-27T01:02:48.953Z",
    "dateReserved": "2024-05-30T17:38:50.120Z",
    "dateUpdated": "2025-11-28T19:34:17.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-5539 (GCVE-0-2024-5539)

Vulnerability from nvd – Published: 2025-11-27 01:02 – Updated: 2025-11-28 19:34
Summary
The access control bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the web-based building automation server.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCTRL Affected: 0 , ≤ 8.5 (custom)
    Carrier i-Vu Affected: 0 , ≤ 8.5 (custom)
Credits
Steve Knabe from Praetorian

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:22.845542Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:22.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCTRL",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Steve Knabe from Praetorian"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the \n\n\u003ci\u003eweb based building automation server.\u003c/i\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Access Control Bypass vulnerability found in ALC WebCTRL and Carrier i-Vu in versions up to and including 8.5 allows a malicious actor to bypass intended access restrictions and expose sensitive information via the \n\nweb based building automation server."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:02:30.525Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu. \u0026nbsp;\n\n\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu Access Control Bypass",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-5539",
    "datePublished": "2025-11-27T01:02:30.525Z",
    "dateReserved": "2024-05-30T17:38:43.955Z",
    "dateUpdated": "2025-11-28T19:34:22.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0657 (GCVE-0-2025-0657)

Vulnerability from nvd – Published: 2025-11-27 01:00 – Updated: 2025-11-28 19:34
Summary
A weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380 allows malformed packets sent over the BACnet MS/TP network to cause the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.
CWE
  • CWE-129 - Improper Validation of Array Index
  • CWE-248 - Uncaught Exception
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 0 , ≤ 8.5 (custom)
    Automated Logic Gen5 Controllers Affected: 0 , ≤ drv_gen5_108-04-20120 (custom)
    Carrier i-Vu Affected: 0 , ≤ 8.5 (custom)
Credits
Christopher Morales Gonzalez

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T14:41:24.308783Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T19:34:27.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Gen5 Controllers",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "drv_gen5_108-04-20120",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "8.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Christopher Morales Gonzalez"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cbr\u003e\u003ctable\u003e\n \n \u003ctbody\u003e\u003ctr\u003e\n\n  \u003ctd\u003eA weakness in Automated Logic and Carrier i-Vu Gen5 router on driver\n  version  drv_gen5_106-01-2380, allows\n  malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to\n  return the device to network visibility.\u003c/td\u003e\n\n \u003c/tr\u003e\n\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver\n  version  drv_gen5_106-01-2380, allows\n  malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to\n  return the device to network visibility."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-129",
              "description": "CWE-129 Improper Validation of Array Index",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-27T01:00:59.653Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThese vulnerabilities have\nbeen remediated in cumulative releases for versions 8.5, 9.0, and Gen5 driver\nversion drv_gen5_108-04-20120\nor later.\u0026nbsp;\u003c/p\u003e\n\n\n\nSupport for versions 8.0,\n7.0,6.5, 6.1, 6.0 has expired.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "These vulnerabilities have\nbeen remediated in cumulative releases for versions 8.5, 9.0, and Gen5 driver\nversion drv_gen5_108-04-20120\nor later.\u00a0\n\n\n\n\n\nSupport for versions 8.0,\n7.0,6.5, 6.1, 6.0 has expired."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2025-0657",
    "datePublished": "2025-11-27T01:00:59.653Z",
    "dateReserved": "2025-01-22T20:22:14.084Z",
    "dateUpdated": "2025-11-28T19:34:27.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8528 (GCVE-0-2024-8528)

Vulnerability from nvd – Published: 2025-11-19 13:18 – Updated: 2025-11-19 15:15
Summary
Reflected XSS via a specific URL in Automated Logic WebCTRL and Carrier i-Vu can allow delivery of a malicious payload because a specific GET parameter is not sanitized.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 6.0 , ≤ 9.0 (semver)
    Carrier i-Vu Affected: 6.0 , ≤ 9.0 (semver)
Credits
Jaryl Low; Thuy D. Nguyen; Cynthia E. Irvine

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T15:13:38.562324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T15:15:57.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jaryl Low"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Thuy D. Nguyen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Cynthia E. Irvine"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized."
            }
          ],
          "value": "Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T13:18:35.293Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "These\nvulnerabilities have been remediated in cumulative releases for versions 8.0,\n8.5, and 9.0. Please be aware that WebCTRL and i-Vu versions 7.0, 6.5, and 6.1 are no longer supported. To\nsafeguard against these vulnerabilities, upgrading to the latest WebCTRL and i-Vu software is strongly recommended.\u0026nbsp;\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "These\nvulnerabilities have been remediated in cumulative releases for versions 8.0,\n8.5, and 9.0. Please be aware that WebCTRL and i-Vu versions 7.0, 6.5, and 6.1 are no longer supported. To\nsafeguard against these vulnerabilities, upgrading to the latest WebCTRL and i-Vu software is strongly recommended."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-8528",
    "datePublished": "2025-11-19T13:18:35.293Z",
    "dateReserved": "2024-09-06T16:01:34.807Z",
    "dateUpdated": "2025-11-19T15:15:57.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8527 (GCVE-0-2024-8527)

Vulnerability from nvd – Published: 2025-11-19 13:17 – Updated: 2025-11-19 16:05
Summary
An open redirect in a URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, and 9.0 may allow attackers to exploit user sessions.
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
Impacted products
Vendor Product Version
Automated Logic WebCtrl Affected: 6.0 , ≤ 9.0 (semver)
    Carrier i-Vu Affected: 6.0 , ≤ 9.0 (semver)
Credits
Jaryl Low; Thuy D. Nguyen; Cynthia E. Irvine

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-19T16:04:40.466031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-19T16:05:46.478Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "WebCtrl",
          "vendor": "Automated Logic",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "i-Vu",
          "vendor": "Carrier",
          "versions": [
            {
              "lessThanOrEqual": "9.0",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jaryl Low"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Thuy D. Nguyen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Cynthia E. Irvine"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
            }
          ],
          "value": "Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-19T13:17:01.911Z",
        "orgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
        "shortName": "Carrier"
      },
      "references": [
        {
          "url": "https://www.corporate.carrier.com/product-security/advisories-resources/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu. \u0026nbsp;\n\n\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to the latest version of ALC WebCTRL or Carrier i-Vu."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e24e6442-3ae1-4538-a7b8-7ac95586db8f",
    "assignerShortName": "Carrier",
    "cveId": "CVE-2024-8527",
    "datePublished": "2025-11-19T13:17:01.911Z",
    "dateReserved": "2024-09-06T16:01:32.884Z",
    "dateUpdated": "2025-11-19T16:05:46.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

VAR-201708-0163

Vulnerability from variot - Updated: 2023-12-18 13:29

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. ALC WebCTRL, i-Vu, and SiteScan Web contain an XML external entity (XXE) vulnerability. As a result, information may be obtained or altered, and service operation may be disrupted (DoS). AutomatedLogic provides a complete set of building electrical and mechanical control systems for the majority of users, including central air conditioning automatic control, power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely used in the United States, China and other regions. Multiple Automated Logic Corporation devices contain XML external entity vulnerabilities. Attackers can exploit this issue to gain access to sensitive information or cause a denial-of-service condition


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0163",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "carrier i-vu",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "liebert sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "i vu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sitescan web",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "webctrl",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "BID",
        "id": "100558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Evgeny Ermakov from Kaspersky Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "100558"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-5795",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-5795",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-24364",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "52ef8bd8-d974-45fb-aa99-07306c190de3",
            "impactScore": 4.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-5795",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-5795",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-24364",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1409",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "52ef8bd8-d974-45fb-aa99-07306c190de3",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. ALC WebCTRL , i-Vu ,and SiteScan Web Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AutomatedLogic provides a complete set of building electrical and mechanical control systems for the majority of users, including central air conditioning automatic control, power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely used in the United States, China and other regions. There are XML external entity vulnerabilities in multiple devices of AutomatedLogicCorporation. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "BID",
        "id": "100558"
      },
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5795",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-150-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "100558",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "52EF8BD8-D974-45FB-AA99-07306C190DE3",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "BID",
        "id": "100558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "id": "VAR-201708-0163",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:14.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.automatedlogic.com/"
      },
      {
        "title": "AutomatedLogicCorporation Patch for Multiple Device XML External Entity Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/101402"
      },
      {
        "title": "ALC Liebert SiteScan Web , ALC WebCTRL  and Carrier i-Vu Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74504"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-611",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-150-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/100558"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5795"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5795"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "BID",
        "id": "100558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "db": "BID",
        "id": "100558"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-02T00:00:00",
        "db": "IVD",
        "id": "52ef8bd8-d974-45fb-aa99-07306c190de3"
      },
      {
        "date": "2017-09-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "BID",
        "id": "100558"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "date": "2017-08-31T21:29:00.187000",
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24364"
      },
      {
        "date": "2017-08-31T00:00:00",
        "db": "BID",
        "id": "100558"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      },
      {
        "date": "2021-07-27T19:25:34.713000",
        "db": "NVD",
        "id": "CVE-2016-5795"
      },
      {
        "date": "2021-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  ALC In product  XML External entity vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008818"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1409"
      }
    ],
    "trust": 0.6
  }
}

VAR-201708-1399

Vulnerability from variot - Updated: 2023-12-18 12:51

An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. ALC WebCTRL, i-Vu, and SiteScan Web contain a vulnerability related to unquoted search paths or elements. As a result, information may be obtained or altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation (ALC) Products are prone to a local privilege-escalation vulnerability. WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It's everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionally, an improper authorization access control issue occurs when using the 'anonymous' user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons.
In this case, when using the anonymous user, an attacker is still able to upload a malicious file via an insecure direct object reference and execute arbitrary code. The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for the 'Authenticated Users' group. The application suffers from an unquoted search path issue as well, impacting the service 'WebCTRL Service' for Windows deployed as part of the WebCTRL server solution. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webctrl",
        "version": "*"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.0"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "i vu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sitescan web",
        "version": "*"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ibm automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "alc webctrl i-vu",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.0"
      },
      {
        "model": "alc webctrl sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.1"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 6.1 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " i-vu 6.0 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.5 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.2 and prior"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1 and 6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.2,
        "vendor": "automated logic",
        "version": " sitescan web 6.5 and prior"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability discovered by Gjoko Krstic",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9644",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-9644",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2017-22828",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-9644",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9644",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22828",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-859",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5431",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5430",
            "trust": 0.1,
            "value": "(3/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5429",
            "trust": 0.1,
            "value": "(3/5)"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. ALC WebCTRL , i-Vu ,and SiteScan Web Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation (ALC) Products are prone to local privilege-escalation vulnerability. WebCTRL\u00ae, Automated Logic\u0027s web-based building automationsystem, is known for its intuitive user interface and powerful integrationcapabilities. It allows building operators to optimize and manageall of their building systems - including HVAC, lighting, fire, elevators,and security - all within a single HVAC controls platform. It\u0027s everythingthey need to keep occupants comfortable, manage energy conservation measures,identify key operational problems, and validate the results.WebCTRL suffers from an authenticated arbitrary code execution  vulnerability. The issue is caused due to the improper verification  when uploading Add-on (.addons or .war) files using the uploadwarfile  servlet. This can be exploited to execute arbitrary code by uploading  a malicious web archive file that will run automatically and can be  accessed from within the webroot directory. Additionaly, an improper  authorization access control occurs when using the \u0027anonymous\u0027 user.  
By specification, the anonymous user should not have permissions or  authorization to upload or install add-ons. In this case, when using  the anonymous user, an attacker is still able to upload a malicious  file via insecure direct object reference and execute arbitrary code.  The anonymous user was removed from version 6.5 of WebCTRL.Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601)Apache-Coyote/1.1Apache Tomcat/7.0.42CJServer/1.1Java/1.7.0_25-b17Java HotSpot Server VM 23.25-b01Ant 1.7.0Axis 1.4Trove 2.0.2Xalan Java 2.4.1Xerces-J 2.6.1. The vulnerability exist due to the improper permissions,with the \u0027M\u0027 flag (Modify) or \u0027C\u0027 flag (Change) for \u0027Authenticated Users\u0027 group.The application suffers from an unquoted search path issue as well impacting the service\u0027WebCTRL Service\u0027 for Windows deployed as part of WebCTRL server solution. A successful attempt would require thelocal user to be able to insert their code in the system root path undetected by theOS or other security applications where it could potentially be executed duringapplication startup or reboot",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "http://www.automatedlogic.com/pages/security.aspx",
        "trust": 0.3,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9644",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-234-01",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "100454",
        "trust": 2.0
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42542",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "100452",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "963DE9F9-6E8A-4C63-8060-67B7CA4DE5CE",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143897",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42544",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080166",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431",
        "trust": 0.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2017.2113",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143896",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080165",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080167",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143895",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "id": "VAR-201708-1399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:05.380000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Best Practices Checklists for Building Automation Systems (BAS)",
        "trust": 0.8,
        "url": "http://www.automatedlogic.com/pages/security.aspx"
      },
      {
        "title": "ALC WebCTRL i-Vu/SiteScan Web does not reference patches for search path vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100837"
      },
      {
        "title": "ALC WebCTRL , i-Vu  and SiteScan Web Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99869"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-428",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-234-01"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42542/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/100454"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9644"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644"
      },
      {
        "trust": 0.6,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/pages/security_commitment.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/specsheets/security_best_practices_checklists_for_building_automation_systems_(bas)pdf.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityweek.com/automated-logic-patches-flaws-building-automation-system"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com"
      },
      {
        "trust": 0.2,
        "url": "http://www.securityfocus.com/bid/100452"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9650"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9650"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42544/"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143897"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080166"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130767"
      },
      {
        "trust": 0.1,
        "url": "http://www.vfocus.net/art/20170824/13802.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9640"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9640"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42543/"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080165"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143896"
      },
      {
        "trust": 0.1,
        "url": "https://www.auscert.org.au/bulletins/51482"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130766"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143895"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080167"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130760"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "BID",
        "id": "100454"
      },
      {
        "date": "2017-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "date": "2017-08-25T19:29:00.457000",
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-28T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "BID",
        "id": "100454"
      },
      {
        "date": "2017-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007644"
      },
      {
        "date": "2021-07-27T19:25:56.903000",
        "db": "NVD",
        "id": "CVE-2017-9644"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "100454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ALC WebCTRL i-Vu/SiteScan Web Unreferenced Search Path Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22828"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-859"
      }
    ],
    "trust": 0.8
  }
}

VAR-201708-1403

Vulnerability from variot - Updated: 2023-12-18 12:51

An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. ALC WebCTRL, i-Vu, and SiteScan Web contain a vulnerability related to unrestricted uploads of dangerous file types. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It's everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. Additionally, an improper authorization access control occurs when using the 'anonymous' user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons.
The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) set for the 'Authenticated Users' group. The application suffers from an unquoted search path issue as well, impacting the 'WebCTRL Service' Windows service deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN)


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1403",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webctrl",
        "version": "*"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.0"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "i vu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sitescan web",
        "version": "*"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ibm automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "alc webctrl i-vu",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.0"
      },
      {
        "model": "alc webctrl sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.1"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 6.1 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " i-vu 6.0 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.5 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.2 and prior"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1 and 6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.2,
        "vendor": "automated logic",
        "version": " sitescan web 6.5 and prior"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability discovered by Gjoko Krstic",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9650",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9650",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-22827",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-9650",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9650",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22827",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-587",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5431",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5430",
            "trust": 0.1,
            "value": "(3/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5429",
            "trust": 0.1,
            "value": "(3/5)"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. ALC WebCTRL, i-Vu, and SiteScan Web contain a vulnerability related to unrestricted uploads of dangerous types of files. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. WebCTRL\u00ae, Automated Logic\u0027s web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It\u0027s everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. Additionally, an improper authorization access control occurs when using the \u0027anonymous\u0027 user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons. The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the \u0027M\u0027 flag (Modify) or \u0027C\u0027 flag (Change) for the \u0027Authenticated Users\u0027 group. The application also suffers from an unquoted search path issue impacting the service \u0027WebCTRL Service\u0027 for Windows, deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user\u2019s code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "http://www.automatedlogic.com/pages/security.aspx",
        "trust": 0.3,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-17-234-01",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "100452",
        "trust": 2.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42544",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "76D5E604-C8B4-41C9-80AB-9973DDACA935",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143897",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080166",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431",
        "trust": 0.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2017.2113",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42543",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143896",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080165",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080167",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "100454",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42542",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143895",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "id": "VAR-201708-1403",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:05.330000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Best Practices Checklists for Building Automation Systems (BAS)",
        "trust": 0.8,
        "url": "http://www.automatedlogic.com/pages/security.aspx"
      },
      {
        "title": "ALC WebCTRL i-Vu/SiteScan Web File Unrestricted File Upload Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100835"
      },
      {
        "title": "ALC WebCTRL , i-Vu  and SiteScan Web Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99851"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-234-01"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/100452"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42544/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9650"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9650"
      },
      {
        "trust": 0.6,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9650"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/pages/security_commitment.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/specsheets/security_best_practices_checklists_for_building_automation_systems_(bas)pdf.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityweek.com/automated-logic-patches-flaws-building-automation-system"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143897"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080166"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130767"
      },
      {
        "trust": 0.1,
        "url": "http://www.vfocus.net/art/20170824/13802.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9640"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9640"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42543/"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080165"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143896"
      },
      {
        "trust": 0.1,
        "url": "https://www.auscert.org.au/bulletins/51482"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9644"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143895"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080167"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42542/"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130760"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/100454"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "BID",
        "id": "100452"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "date": "2017-08-25T19:29:00.487000",
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "date": "2017-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-28T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22827"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "BID",
        "id": "100452"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      },
      {
        "date": "2021-07-27T19:25:56.903000",
        "db": "NVD",
        "id": "CVE-2017-9650"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  ALC Product unrestricted upload vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007660"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "76d5e604-c8b4-41c9-80ab-9973ddaca935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-587"
      }
    ],
    "trust": 0.8
  }
}

VAR-201708-1398

Vulnerability from variot - Updated: 2023-12-18 12:51

A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. ALC WebCTRL, i-Vu, and SiteScan Web contain a path traversal vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and run it in the context of the web server process. WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It's everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionally, an improper authorization access control occurs when using the 'anonymous' user. 
By specification, the anonymous user should not have permissions or authorization to upload or install add-ons. The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for the 'Authenticated Users' group. The application also suffers from an unquoted search path issue impacting the service 'WebCTRL Service' for Windows, deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN).

Desc: The vulnerability is triggered by an authenticated user that can use the manual command console in the management panel of the affected application. The ManualCommand() function in ManualCommand.js allows users to perform additional diagnostics and a settings overview by using a pre-defined set of commands. This can be exploited by using the echo command to write and/or overwrite arbitrary files on the system, including directory traversal throughout the system.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1398",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "automatedlogic webctrl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "carrier",
        "version": "6.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "webctrl",
        "version": "*"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "i vu",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sitescan web",
        "version": "*"
      },
      {
        "model": "sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ibm automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "alc webctrl i-vu",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.0"
      },
      {
        "model": "alc webctrl sitescan web",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.1"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=6.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.5"
      },
      {
        "model": "sitescan web i-vu alc webctrl",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "automated logic",
        "version": "\u003c=5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.1"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "automatedlogic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 6.1 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " i-vu 6.0 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.5 and prior"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": " sitescan web 5.2 and prior"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1 and 6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "webctrl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.1"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "sitescan web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "6.0"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.5"
      },
      {
        "model": "i-vu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "automated logic",
        "version": "5.2"
      },
      {
        "model": "webctrl",
        "scope": "lte",
        "trust": 0.2,
        "vendor": "automated logic",
        "version": " sitescan web 6.5 and prior"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability discovered by Gjoko Krstic",
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9640",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9640",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-22829",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-9640",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9640",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-22829",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-863",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5431",
            "trust": 0.1,
            "value": "(4/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5430",
            "trust": 0.1,
            "value": "(3/5)"
          },
          {
            "author": "ZSL",
            "id": "ZSL-2017-5429",
            "trust": 0.1,
            "value": "(3/5)"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. ALC WebCTRL, i-Vu, and SiteScan Web contain a path traversal vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation Products are prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. \nAn attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and run it in the context of the webserver process. WebCTRL\u00ae, Automated Logic\u0027s web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It\u0027s everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused due to the improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionally, an improper authorization access control occurs when using the \u0027anonymous\u0027 user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons. The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to the improper permissions, with the \u0027M\u0027 flag (Modify) or \u0027C\u0027 flag (Change) for the \u0027Authenticated Users\u0027 group. The application suffers from an unquoted search path issue as well, impacting the service \u0027WebCTRL Service\u0027 for Windows deployed as part of the WebCTRL server solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user\u2019s code would execute with the elevated privileges of the application. Tested on: Microsoft Windows 7 Professional SP1 (EN). \n\nDesc: The vulnerability is triggered by an authenticated user that can use\nthe manualcommand console in the management panel of the affected application. \nThe ManualCommand() function in ManualCommand.js allows users to perform additional\ndiagnostics and settings overview by using a pre-defined set of commands. This\ncan be exploited by using the echo command to write and/or overwrite arbitrary\nfiles on the system including directory traversal throughout the system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "PACKETSTORM",
        "id": "143896"
      }
    ],
    "trust": 2.97
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "http://www.automatedlogic.com/pages/security.aspx",
        "trust": 0.3,
        "type": "poc"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9640",
        "trust": 3.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-234-01",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "100452",
        "trust": 2.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42543",
        "trust": 1.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "143896",
        "trust": 0.2
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "F06FBADD-BAE1-46A3-8A6F-C5A536B9697E",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143897",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42544",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9650",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080166",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431",
        "trust": 0.1
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2017.2113",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080165",
        "trust": 0.1
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2017080167",
        "trust": 0.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9644",
        "trust": 0.1
      },
      {
        "db": "BID",
        "id": "100454",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42542",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143895",
        "trust": 0.1
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "PACKETSTORM",
        "id": "143896"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "id": "VAR-201708-1398",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      }
    ],
    "trust": 0.08
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:05.276000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Best Practices Checklists for Building Automation Systems (BAS)",
        "trust": 0.8,
        "url": "http://www.automatedlogic.com/pages/security.aspx"
      },
      {
        "title": "ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100836"
      },
      {
        "title": "ALC WebCTRL, i-Vu and SiteScan Web repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99872"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-234-01"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/100452"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42543/"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9640"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9640"
      },
      {
        "trust": 0.6,
        "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9640"
      },
      {
        "trust": 0.4,
        "url": "http://www.automatedlogic.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/pages/security_commitment.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.automatedlogic.com/specsheets/security_best_practices_checklists_for_building_automation_systems_(bas)pdf.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.securityweek.com/automated-logic-patches-flaws-building-automation-system"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9650"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9650"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42544/"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143897"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080166"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130767"
      },
      {
        "trust": 0.1,
        "url": "http://www.vfocus.net/art/20170824/13802.html"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080165"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143896"
      },
      {
        "trust": 0.1,
        "url": "https://www.auscert.org.au/bulletins/51482"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9644"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644"
      },
      {
        "trust": 0.1,
        "url": "https://packetstormsecurity.com/files/143895"
      },
      {
        "trust": 0.1,
        "url": "https://cxsecurity.com/issue/wlb-2017080167"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/42542/"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130760"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/bid/100454"
      },
      {
        "trust": 0.1,
        "url": "http://target/touch.txt"
      },
      {
        "trust": 0.1,
        "url": "https://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5430.php"
      }
    ],
    "sources": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "PACKETSTORM",
        "id": "143896"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "db": "BID",
        "id": "100452"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "db": "PACKETSTORM",
        "id": "143896"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "BID",
        "id": "100452"
      },
      {
        "date": "2017-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "date": "2017-08-23T07:06:24",
        "db": "PACKETSTORM",
        "id": "143896"
      },
      {
        "date": "2017-08-25T19:29:00.410000",
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-28T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5431"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5430"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "ZSL",
        "id": "ZSL-2017-5429"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      },
      {
        "date": "2017-08-22T00:00:00",
        "db": "BID",
        "id": "100452"
      },
      {
        "date": "2017-09-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007643"
      },
      {
        "date": "2021-07-27T19:25:56.903000",
        "db": "NVD",
        "id": "CVE-2017-9640"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ALC WebCTRL i-Vu/SiteScan Web Path traversal vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-22829"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "f06fbadd-bae1-46a3-8a6f-c5a536b9697e"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-863"
      }
    ],
    "trust": 0.8
  }
}