Search criteria
4 vulnerabilities found for cmnview by cimon
VAR-201503-0334
Vulnerability from variot - Updated: 2023-12-18 14:06Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. CIMON CmnView and UltimateAccess of CmnView.exe Contains a vulnerability that allows it to get permission due to a flaw in search path processing. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. CmnView is a WEB-based SCADA application. The CmnView application contains a DLL that fails to specify an absolute path, allowing an attacker to exploit a vulnerability to build a malicious application, placed in a specific path, allowing the application to maliciously load the DLL and execute it. Cimon CmnView is prone to a vulnerability that lets attackers execute arbitrary code. Successful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cmnview",
"scope": "eq",
"trust": 2.3,
"vendor": "cimon",
"version": "2.14.0.1"
},
{
"model": "ultimateaccess",
"scope": "eq",
"trust": 2.2,
"vendor": "cimon",
"version": "3.00"
},
{
"model": "ultimateaccess",
"scope": "lte",
"trust": 1.0,
"vendor": "cimon",
"version": "3.01"
},
{
"model": "cmnview",
"scope": "lte",
"trust": 1.0,
"vendor": "cimon",
"version": "2.14.0.1"
},
{
"model": "cmnview",
"scope": "eq",
"trust": 0.8,
"vendor": "cimon",
"version": "3.x"
},
{
"model": "ultimateaccess",
"scope": "lt",
"trust": 0.8,
"vendor": "cimon",
"version": "3.02"
},
{
"model": "ultimateaccess",
"scope": "lte",
"trust": 0.6,
"vendor": "cimon",
"version": "\u003c=3.01"
},
{
"model": "ultimateaccess",
"scope": "eq",
"trust": 0.6,
"vendor": "cimon",
"version": "3.01"
},
{
"model": "cmnview",
"scope": "eq",
"trust": 0.3,
"vendor": "cimon",
"version": "3.0"
},
{
"model": "cmnview",
"scope": "ne",
"trust": 0.3,
"vendor": "cimon",
"version": "3.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cmnview",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ultimateaccess",
"version": "3.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ultimateaccess",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "BID",
"id": "73027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cimon:ultimateaccess:3.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cimon:ultimateaccess:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cimon:cmnview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.14.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Sanchez of Wise Security",
"sources": [
{
"db": "BID",
"id": "73027"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-9207",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CNVD-2015-01826",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9207",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01826",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-326",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. CIMON CmnView and UltimateAccess of CmnView.exe Contains a vulnerability that allows it to get permission due to a flaw in search path processing. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. CmnView is a WEB-based SCADA application. The CmnView application contains a DLL that fails to specify an absolute path, allowing an attacker to exploit a vulnerability to build a malicious application, placed in a specific path, allowing the application to maliciously load the DLL and execute it. Cimon CmnView is prone to a vulnerability that lets attackers execute arbitrary code. \nSuccessful exploits will allow the attackers to execute arbitrary code in the context of the user running the affected application",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "BID",
"id": "73027"
},
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9207",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-069-01",
"trust": 3.3
},
{
"db": "BID",
"id": "73027",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-01826",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978",
"trust": 0.8
},
{
"db": "IVD",
"id": "9CAC41E6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "BID",
"id": "73027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"id": "VAR-201503-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
}
],
"trust": 1.4125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
}
]
},
"last_update_date": "2023-12-18T14:06:04.464000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cimon.com/eng/"
},
{
"title": "Cimon CmnView DLL hijacking vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56374"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-069-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9207"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9207"
},
{
"trust": 0.3,
"url": "http://www.cimon.com/eng/"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "BID",
"id": "73027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"db": "BID",
"id": "73027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73027"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"date": "2015-03-14T01:59:08.220000",
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01826"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73027"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007978"
},
{
"date": "2015-08-06T16:46:08.910000",
"db": "NVD",
"id": "CVE-2014-9207"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-326"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cimon CmnView DLL Hijacking vulnerability",
"sources": [
{
"db": "IVD",
"id": "9cac41e6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01826"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "73027"
}
],
"trust": 0.3
}
}
FKIE_CVE-2014-9207
Vulnerability from fkie_nvd - Published: 2015-03-14 01:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cimon | cmnview | * | |
| cimon | ultimateaccess | * | |
| cimon | ultimateaccess | 3.00 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cimon:cmnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2458B4A1-2109-4C03-B19F-84FC4BC53903",
"versionEndIncluding": "2.14.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cimon:ultimateaccess:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E7F03A-7D4B-46A8-9AAD-E4F0E4175935",
"versionEndIncluding": "3.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cimon:ultimateaccess:3.00:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD288EE-33F2-47B9-A1A5-BD5198865B13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en CmnView.exe en CIMON CmnView 2.14.0.1 y 3.x anterior a UltimateAccess 3.02 permite a usuarios locales obtener privilegios a trav\u00e9s de caballo de troya DLL en el actual directorio de trabajo."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/426.html\"\u003eCWE-426: Untrusted Search Path\u003c/a\u003e",
"id": "CVE-2014-9207",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-03-14T01:59:08.220",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2014-9207 (GCVE-0-2014-9207)
Vulnerability from cvelistv5 – Published: 2015-03-14 01:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-14T01:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9207",
"datePublished": "2015-03-14T01:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9207 (GCVE-0-2014-9207)
Vulnerability from nvd – Published: 2015-03-14 01:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-14T01:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-069-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9207",
"datePublished": "2015-03-14T01:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}