Search criteria
4 vulnerabilities found for netcadops by abb
VAR-201802-0936
Vulnerability from variot - Updated: 2023-12-18 13:02An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0936",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netcadops",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "8.1"
},
{
"model": "netcadops",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "7.1"
},
{
"model": "netcadops",
"scope": "eq",
"trust": 1.6,
"vendor": "abb",
"version": "8.0"
},
{
"model": "netcadops",
"scope": "lt",
"trust": 1.0,
"vendor": "abb",
"version": "7.2.10"
},
{
"model": "netcadops",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "7.2.0"
},
{
"model": "netcadops",
"scope": "gte",
"trust": 1.0,
"vendor": "abb",
"version": "3.0"
},
{
"model": "netcadops",
"scope": "lte",
"trust": 1.0,
"vendor": "abb",
"version": "3.4"
},
{
"model": "netcadops web application",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "8.1"
},
{
"model": "netcadops web application",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "8.0"
},
{
"model": "netcadops web application",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "7.20"
},
{
"model": "netcadops web application",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "7.1"
},
{
"model": "netcadops web application",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "3.4"
},
{
"model": "netcadops",
"scope": null,
"trust": 0.8,
"vendor": "abb",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "netcadops",
"version": "*"
},
{
"model": "netcadops web application",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.0.20"
},
{
"model": "netcadops web application",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "7.2.10"
},
{
"model": "netcadops web application",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "8.1.7.1"
},
{
"model": "netcadops web application",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "7.1.16.1"
},
{
"model": "netcadops web application",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "3.4.34.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "netcadops",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "netcadops",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "netcadops",
"version": "8.1"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "BID",
"id": "103089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:abb:netcadops:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:netcadops:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:netcadops:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:netcadops:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2.10",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:abb:netcadops:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ismail Erkek",
"sources": [
{
"db": "BID",
"id": "103089"
}
],
"trust": 0.3
},
"cve": "CVE-2018-5477",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-5477",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03477",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2e414de-39ab-11e9-9907-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135508",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5477",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5477",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-03477",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-781",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135508",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "VULHUB",
"id": "VHN-135508"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information. \nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "BID",
"id": "103089"
},
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-135508"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5477",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-051-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103089",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-03477",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E414DE-39AB-11E9-9907-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99008",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135508",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "VULHUB",
"id": "VHN-135508"
},
{
"db": "BID",
"id": "103089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"id": "VAR-201802-0936",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "VULHUB",
"id": "VHN-135508"
}
],
"trust": 1.65
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
}
]
},
"last_update_date": "2023-12-18T13:02:43.793000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://new.abb.com/"
},
{
"title": "ABB netCADOPS Web Application Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/117911"
},
{
"title": "ABB netCADOPS Web Application Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100254"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135508"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-051-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103089"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5477"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5477"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "VULHUB",
"id": "VHN-135508"
},
{
"db": "BID",
"id": "103089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "VULHUB",
"id": "VHN-135508"
},
{
"db": "BID",
"id": "103089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-135508"
},
{
"date": "2018-02-20T00:00:00",
"db": "BID",
"id": "103089"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"date": "2018-02-20T19:29:00.273000",
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135508"
},
{
"date": "2018-02-20T00:00:00",
"db": "BID",
"id": "103089"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002422"
},
{
"date": "2019-10-09T23:41:26.953000",
"db": "NVD",
"id": "CVE-2018-5477"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB netCADOPS Web Application Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e414de-39ab-11e9-9907-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03477"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-781"
}
],
"trust": 0.6
}
}
FKIE_CVE-2018-5477
Vulnerability from fkie_nvd - Published: 2018-02-20 19:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/103089 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103089 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:abb:netcadops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D83104DB-E8F8-430C-8309-8B05FCB5F99C",
"versionEndIncluding": "3.4",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:netcadops:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F53EBD6-1C85-4B66-9F94-D5A8C8851C88",
"versionEndExcluding": "7.2.10",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:netcadops:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E44AA-BE94-4947-B364-75B9A7139F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:netcadops:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB5A946-5275-41B0-973B-6CC934BA9708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:abb:netcadops:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD6FE3D-E548-4AB3-B987-94523C0D3F70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de exposici\u00f3n de informaci\u00f3n en ABB netCADOPS Web Application en versiones 3.4 y anteriores, versiones 7.1 y anteriores, versiones 7.2x y anteriores, versiones 8.0 y anteriores y versiones 8.1 y anteriores. Existe una vulnerabilidad en la secci\u00f3n de introducci\u00f3n de contrase\u00f1as de netCADOPS Web Application que podr\u00eda exponer datos cr\u00edticos de la base de datos."
}
],
"id": "CVE-2018-5477",
"lastModified": "2024-11-21T04:08:52.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-20T19:29:00.273",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103089"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-5477 (GCVE-0-2018-5477)
Vulnerability from cvelistv5 – Published: 2018-02-20 19:00 – Updated: 2024-08-05 05:40
VLAI?
Summary
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ABB netCADOPS Web Application |
Affected:
ABB netCADOPS Web Application
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB netCADOPS Web Application",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ABB netCADOPS Web Application"
}
]
}
],
"datePublic": "2018-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-22T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB netCADOPS Web Application",
"version": {
"version_data": [
{
"version_value": "ABB netCADOPS Web Application"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5477",
"datePublished": "2018-02-20T19:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:40:49.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5477 (GCVE-0-2018-5477)
Vulnerability from nvd – Published: 2018-02-20 19:00 – Updated: 2024-08-05 05:40
VLAI?
Summary
An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ABB netCADOPS Web Application |
Affected:
ABB netCADOPS Web Application
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABB netCADOPS Web Application",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ABB netCADOPS Web Application"
}
]
}
],
"datePublic": "2018-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-22T10:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB netCADOPS Web Application",
"version": {
"version_data": [
{
"version_value": "ABB netCADOPS Web Application"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in ABB netCADOPS Web Application Version 3.4 and prior, netCADOPS Web Application Version 7.1 and prior, netCADOPS Web Application Version 7.2x and prior, netCADOPS Web Application Version 8.0 and prior, and netCADOPS Web Application Version 8.1 and prior. A vulnerability exists in the password entry section of netCADOPS Web Application that may expose critical database information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-051-01"
},
{
"name": "103089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5477",
"datePublished": "2018-02-20T19:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:40:49.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}