Search criteria
25 vulnerabilities found for promotic by microsys
VAR-201204-0098
Vulnerability from variot - Updated: 2023-12-18 13:44Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. PROMOTIC is a Windows-based SCADA software. PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error. This may allow lead to corruption of valid data. Versions prior to PROMOTIC 8.1.7 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.7"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "52988"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4874",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "f287df9c-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4874",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-288",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. PROMOTIC is a Windows-based SCADA software. PROMOTIC is prone to a remote code-execution vulnerability due to a use-after-free error. This may allow lead to corruption of valid data. \nVersions prior to PROMOTIC 8.1.7 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4874",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-102-03",
"trust": 3.3
},
{
"db": "BID",
"id": "52988",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2012-1895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065",
"trust": 0.8
},
{
"db": "IVD",
"id": "F287DF9C-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"id": "VAR-201204-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
}
]
},
"last_update_date": "2023-12-18T13:44:39.687000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.7 (from 2.2.2012) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80107"
},
{
"title": "PROMOTIC",
"trust": 0.8,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"title": "PROMOTIC memory error reference patch for remote code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/15799"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-102-03.pdf"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80107"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/52988"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4874"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4874"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"db": "BID",
"id": "52988"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-16T00:00:00",
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"date": "2012-04-11T00:00:00",
"db": "BID",
"id": "52988"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"date": "2012-04-13T10:41:49.697000",
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"date": "2012-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1895"
},
{
"date": "2012-04-11T00:00:00",
"db": "BID",
"id": "52988"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002065"
},
{
"date": "2017-08-29T01:30:37.053000",
"db": "NVD",
"id": "CVE-2011-4874"
},
{
"date": "2012-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002065"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "f287df9c-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-288"
}
],
"trust": 0.8
}
}
VAR-202002-0773
Vulnerability from variot - Updated: 2023-12-18 13:43Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. Microsys PROMOTIC Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. MICROSYS PROMOTIC is a SCADA software. The MICROSYS PROMOTIC PmTrends.dll ActiveX control start function fails to properly filter user input, allowing an attacker to exploit a vulnerability to build a malicious WEB page, enticing the user to resolve and crashing the application. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "promotic",
"version": "8.2.13"
},
{
"model": "spol. s r.o. microsys",
"scope": "eq",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.13"
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:promotic:promotic:8.2.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"cve": "CVE-2014-1617",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-008918",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2014-00933",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "47c6315e-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-008918",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1617",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2014-008918",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00933",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. Microsys PROMOTIC Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. MICROSYS PROMOTIC is a SCADA software. The MICROSYS PROMOTIC PmTrends.dll ActiveX control start function fails to properly filter user input, allowing an attacker to exploit a vulnerability to build a malicious WEB page, enticing the user to resolve and crashing the application. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1617",
"trust": 3.2
},
{
"db": "CNVD",
"id": "CNVD-2014-00933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918",
"trust": 0.8
},
{
"db": "IVD",
"id": "47C6315E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"id": "VAR-202002-0773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
]
},
"last_update_date": "2023-12-18T13:43:03.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.promotic.eu/"
},
{
"title": "Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/43570"
},
{
"title": "Microsys PROMOTIC Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110215"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://fortiguardcenter.com/encyclopedia/ips/38068"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/cve/cve-2014-1617"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1617"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1617"
},
{
"trust": 0.6,
"url": "http://osvdb.org/ref/102/microsys_promotic_8.2.13_start_activex_control_dos.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-13T00:00:00",
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"date": "2020-02-13T22:15:11.127000",
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"date": "2020-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00933"
},
{
"date": "2020-03-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008918"
},
{
"date": "2020-02-20T19:30:14.327000",
"db": "NVD",
"id": "CVE-2014-1617"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsys PROMOTIC ActiveX (PmTrends.dll) Start Function Denial of Service Vulnerability",
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00933"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "47c6315e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-777"
}
],
"trust": 0.8
}
}
VAR-201601-0028
Vulnerability from variot - Updated: 2023-12-18 12:45Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. MICROSYS PROMOTIC is a Windows-based monitoring and data acquisition human-machine interface software programming suite for industrial applications. MICROSYS PROMOTIC is prone to a local heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "lt",
"trust": 1.4,
"vendor": "microsys",
"version": "8.3.11"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.3.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.3.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.2.19"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Praveen Darshanam of Versa Networks",
"sources": [
{
"db": "BID",
"id": "81989"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-0869",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00720",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-0869",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-0869",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-00720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document. MICROSYS PROMOTIC is a Windows-based monitoring and data acquisition human-machine interface software programming suite for industrial applications. MICROSYS PROMOTIC is prone to a local heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, code-execution may be possible; however this has not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0869",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-026-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2016-00720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332",
"trust": 0.8
},
{
"db": "ZDI",
"id": "ZDI-15-091",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-062-01",
"trust": 0.3
},
{
"db": "BID",
"id": "81989",
"trust": 0.3
},
{
"db": "IVD",
"id": "632DCF5C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"id": "VAR-201601-0028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
}
]
},
"last_update_date": "2023-12-18T12:45:06.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.3.11 (from 19.1.2016) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/newspm803.htm#ver80311"
},
{
"title": "Patch for MICROSYS PROMOTIC heap buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/70952"
},
{
"title": "MICROSYS PROMOTIC Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59949"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-026-01"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/newspm803.htm#ver80311"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0869"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0869"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/index.htm"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-091/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"db": "BID",
"id": "81989"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-01T00:00:00",
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"date": "2016-01-26T00:00:00",
"db": "BID",
"id": "81989"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"date": "2016-01-26T19:59:02.373000",
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00720"
},
{
"date": "2016-01-26T00:00:00",
"db": "BID",
"id": "81989"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"date": "2016-02-23T16:26:09.593000",
"db": "NVD",
"id": "CVE-2016-0869"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001332"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "632dcf5c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-634"
}
],
"trust": 0.8
}
}
VAR-201503-0332
Vulnerability from variot - Updated: 2023-12-18 12:45Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.2.18"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.3.1"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.2.19 (stable)"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.3.2 (development)"
},
{
"model": "promotic",
"scope": null,
"trust": 0.7,
"vendor": "microsys",
"version": null
},
{
"model": "spol. s r.o. promotic",
"scope": null,
"trust": 0.6,
"vendor": "microsys",
"version": null
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.2.18"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "microsys",
"version": "0"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.3.2"
},
{
"model": "promotic",
"scope": "ne",
"trust": 0.3,
"vendor": "microsys",
"version": "8.2.19"
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:development:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.3.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:stable:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.18",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9205"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
}
],
"trust": 0.7
},
"cve": "CVE-2014-9205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-9205",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01544",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9a45265c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9205",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2014-9205",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-01544",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-211",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability.The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this data resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9205",
"trust": 4.2
},
{
"db": "ZDI",
"id": "ZDI-15-091",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-062-01",
"trust": 2.7
},
{
"db": "BID",
"id": "72874",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2015-01544",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2543",
"trust": 0.7
},
{
"db": "IVD",
"id": "9A45265C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"id": "VAR-201503-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
]
},
"last_update_date": "2023-12-18T12:45:06.004000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "PROMOTIC 8 system news",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm"
},
{
"title": "MICROSYS has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"title": "Patch for MICROSYS PROMOTIC Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/56082"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-062-01"
},
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-091/"
},
{
"trust": 1.6,
"url": "http://www.promotic.eu/en/pmdoc/news.htm"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72874"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9205"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9205"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/index.htm"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"db": "BID",
"id": "72874"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-11T00:00:00",
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"date": "2015-03-03T00:00:00",
"db": "BID",
"id": "72874"
},
{
"date": "2015-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"date": "2015-03-29T10:59:02.727000",
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"date": "2015-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-12T00:00:00",
"db": "ZDI",
"id": "ZDI-15-091"
},
{
"date": "2015-03-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01544"
},
{
"date": "2015-03-03T00:00:00",
"db": "BID",
"id": "72874"
},
{
"date": "2015-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007997"
},
{
"date": "2015-03-30T18:46:19.227000",
"db": "NVD",
"id": "CVE-2014-9205"
},
{
"date": "2015-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "9a45265c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-211"
}
],
"trust": 0.8
}
}
VAR-201305-0007
Vulnerability from variot - Updated: 2023-12-18 12:09Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "promotic",
"version": "8.x"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4519"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4519",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4519",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8766",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d790d41-463f-11e9-9cea-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4519",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8766",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-483",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4519",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 3.3
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-8766",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D790D41-463F-11E9-9CEA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "EF3378F2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"id": "VAR-201305-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
]
},
"last_update_date": "2023-12-18T12:09:22.249000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC ActiveX Component Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 1.9,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4519"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4519"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"date": "2013-05-23T17:55:02.830000",
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8766"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005231"
},
{
"date": "2013-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2011-4519"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC ActiveX Component Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8766"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d790d41-463f-11e9-9cea-000c29342cb1"
},
{
"db": "IVD",
"id": "ef3378f2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-483"
}
],
"trust": 1.0
}
}
VAR-201305-0005
Vulnerability from variot - Updated: 2023-12-18 12:09Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "promotic",
"version": "8.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "promotic",
"version": "*"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4520"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4520",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4520",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8765",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d78e62e-463f-11e9-baca-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4520",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8765",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-484",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-4520",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page. MICROSYS PROMOTIC is a SCADA software. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18049",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4520"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4520",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 3.4
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-8765",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D78E62E-463F-11E9-BACA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "EF2D245C-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "18049",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-4520",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"id": "VAR-201305-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
],
"trust": 0.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
]
},
"last_update_date": "2023-12-18T12:09:22.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC ActiveX Component Heap Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34304"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 2.0,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4520"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4520"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/18049/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"date": "2012-05-28T00:00:00",
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"date": "2013-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"date": "2013-05-23T17:55:02.850000",
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8765"
},
{
"date": "2013-05-24T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4520"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005232"
},
{
"date": "2013-05-24T04:00:00",
"db": "NVD",
"id": "CVE-2011-4520"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC ActiveX Component Heap Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8765"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7d78e62e-463f-11e9-baca-000c29342cb1"
},
{
"db": "IVD",
"id": "ef2d245c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-484"
}
],
"trust": 1.0
}
}
VAR-201305-0006
Vulnerability from variot - Updated: 2023-12-18 12:09Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. PROMOTIC is a SCADA software. A directory traversal vulnerability exists in MICROSYS PROMOTIC. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.5"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.9"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.6"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.7"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.0"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.1.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.6,
"vendor": "microsys",
"version": "8.0.8"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.1"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.2"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.11"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.0"
},
{
"model": "promotic",
"scope": "lte",
"trust": 1.0,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.10"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.12"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.13"
},
{
"model": "promotic",
"scope": "eq",
"trust": 1.0,
"vendor": "microsys",
"version": "8.0.3"
},
{
"model": "promotic",
"scope": "lt",
"trust": 0.8,
"vendor": "microsys",
"version": "8.1.5"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "spol. s r.o. promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.3"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.6,
"vendor": "microsys",
"version": "8.1.4"
},
{
"model": "promotic",
"scope": "eq",
"trust": 0.3,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.0.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "8.1.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "promotic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50133"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4518",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-06169",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4518",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-06169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201205-482",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. PROMOTIC is a SCADA software. A directory traversal vulnerability exists in MICROSYS PROMOTIC. PROMOTIC is prone to multiple security vulnerabilities. \nExploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. \nPROMOTIC 8.1.3 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4518",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-12-024-02",
"trust": 2.7
},
{
"db": "BID",
"id": "50133",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-06169",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230",
"trust": 0.8
},
{
"db": "IVD",
"id": "EF3A1F72-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"id": "VAR-201305-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
]
},
"last_update_date": "2023-12-18T12:09:22.288000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Version 8.1.5 (from 28.11.2011) - stable version",
"trust": 0.8,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"title": "MICROSYS PROMOTIC directory traversal vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.promotic.eu/en/pmdoc/news.htm#ver80105"
},
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-024-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4518"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4518"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50133"
},
{
"trust": 0.3,
"url": "http://www.promotic.eu/en/promotic/scada-pm.htm"
},
{
"trust": 0.3,
"url": "http://aluigi.altervista.org/adv/promotic_1-adv.txt"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"db": "BID",
"id": "50133"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"date": "2013-05-23T17:55:02.807000",
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06169"
},
{
"date": "2011-10-14T00:00:00",
"db": "BID",
"id": "50133"
},
{
"date": "2013-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005230"
},
{
"date": "2013-06-03T04:00:00",
"db": "NVD",
"id": "CVE-2011-4518"
},
{
"date": "2013-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MICROSYS PROMOTIC Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06169"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "ef3a1f72-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201205-482"
}
],
"trust": 0.8
}
}
FKIE_CVE-2016-0869
Vulnerability from fkie_nvd - Published: 2016-01-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311 | Patch, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB9D3DA-88D7-4D1C-8C9D-3151A55D9293",
"versionEndIncluding": "8.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en MICROSYS PROMOTIC en versiones anteriores a 8.3.11 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio a trav\u00e9s de un documento HTML mal formado."
}
],
"id": "CVE-2016-0869",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-26T19:59:02.373",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9205
Vulnerability from fkie_nvd - Published: 2015-03-29 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.promotic.eu/en/pmdoc/News.htm | Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.zerodayinitiative.com/advisories/ZDI-15-091/ | ||
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.promotic.eu/en/pmdoc/News.htm | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.zerodayinitiative.com/advisories/ZDI-15-091/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:stable:*:*:*",
"matchCriteriaId": "DFBDE7CA-2C10-41F0-B3CE-E91BF17E1675",
"versionEndIncluding": "8.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:development:*:*:*",
"matchCriteriaId": "E116CC94-63C1-4DD7-A8CA-282CA2A2EF29",
"versionEndIncluding": "8.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en la funci\u00f3n PmBase64Decode en una aplicaci\u00f3n de demostraci\u00f3n no especificada en MICROSYS PROMOTIC stable anterior a 8.2.19 y PROMOTIC development anterior a 8.3.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la provisi\u00f3n de una cantidad grande dedatos."
}
],
"id": "CVE-2014-9205",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-03-29T10:59:02.727",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4519
Vulnerability from fkie_nvd - Published: 2013-05-23 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsys | promotic | * | |
| microsys | promotic | 8.0.0 | |
| microsys | promotic | 8.0.1 | |
| microsys | promotic | 8.0.2 | |
| microsys | promotic | 8.0.3 | |
| microsys | promotic | 8.0.4 | |
| microsys | promotic | 8.0.5 | |
| microsys | promotic | 8.0.6 | |
| microsys | promotic | 8.0.7 | |
| microsys | promotic | 8.0.8 | |
| microsys | promotic | 8.0.9 | |
| microsys | promotic | 8.0.10 | |
| microsys | promotic | 8.0.11 | |
| microsys | promotic | 8.0.12 | |
| microsys | promotic | 8.0.13 | |
| microsys | promotic | 8.1.0 | |
| microsys | promotic | 8.1.1 | |
| microsys | promotic | 8.1.2 | |
| microsys | promotic | 8.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A6D558-5C0D-45D9-86F9-51415FDAEBE0",
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02178943-2743-47D5-B9C4-AB949988DC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7357AA05-5785-4457-8419-07D50963B72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C61222-F8FD-40DA-8BEB-214D84C9776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D10CCACE-AFB3-48DC-8B4D-C7A612083C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656C8269-02BC-446D-9DE8-9C05BCD73642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BB1C0-980B-476E-9C4C-6CA5C0C935CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D0E060-A295-4FA8-8E83-3555376B1DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A893332-E407-475C-A0A3-3D553BEAF7A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1E4F8D-61B9-463D-9642-800A0CF425EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70455EAC-1F80-4B06-9524-2014A9245296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C171B19-3889-4B4E-B7FE-0B7CEA3AED43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC60655-5D1C-40A6-877B-990618764E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "98EF64C6-DD93-40AE-A354-324657BD69C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAEA85A-34B2-4EE4-B431-124DFE690AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5CB21B-4E56-4145-9E42-EAA464A3E00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDDFCCF-7E92-47B3-BF14-C1A3AE7253F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86EFD69D-C3C6-497F-B651-FEE7C4992DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B33DB525-2F9D-477D-908E-C30B6F4F57B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en un componente ActiveX en MICROSYS Promotic antes de v8.1.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una p\u00e1gina web manipulada."
}
],
"id": "CVE-2011-4519",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-23T17:55:02.830",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "cret@cert.org",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4518
Vulnerability from fkie_nvd - Published: 2013-05-23 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsys | promotic | * | |
| microsys | promotic | 8.0.0 | |
| microsys | promotic | 8.0.1 | |
| microsys | promotic | 8.0.2 | |
| microsys | promotic | 8.0.3 | |
| microsys | promotic | 8.0.4 | |
| microsys | promotic | 8.0.5 | |
| microsys | promotic | 8.0.6 | |
| microsys | promotic | 8.0.7 | |
| microsys | promotic | 8.0.8 | |
| microsys | promotic | 8.0.9 | |
| microsys | promotic | 8.0.10 | |
| microsys | promotic | 8.0.11 | |
| microsys | promotic | 8.0.12 | |
| microsys | promotic | 8.0.13 | |
| microsys | promotic | 8.1.0 | |
| microsys | promotic | 8.1.1 | |
| microsys | promotic | 8.1.2 | |
| microsys | promotic | 8.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A6D558-5C0D-45D9-86F9-51415FDAEBE0",
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02178943-2743-47D5-B9C4-AB949988DC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7357AA05-5785-4457-8419-07D50963B72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C61222-F8FD-40DA-8BEB-214D84C9776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D10CCACE-AFB3-48DC-8B4D-C7A612083C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656C8269-02BC-446D-9DE8-9C05BCD73642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BB1C0-980B-476E-9C4C-6CA5C0C935CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D0E060-A295-4FA8-8E83-3555376B1DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A893332-E407-475C-A0A3-3D553BEAF7A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1E4F8D-61B9-463D-9642-800A0CF425EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70455EAC-1F80-4B06-9524-2014A9245296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C171B19-3889-4B4E-B7FE-0B7CEA3AED43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC60655-5D1C-40A6-877B-990618764E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "98EF64C6-DD93-40AE-A354-324657BD69C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAEA85A-34B2-4EE4-B431-124DFE690AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5CB21B-4E56-4145-9E42-EAA464A3E00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDDFCCF-7E92-47B3-BF14-C1A3AE7253F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86EFD69D-C3C6-497F-B651-FEE7C4992DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B33DB525-2F9D-477D-908E-C30B6F4F57B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el objeto PmWebDir en el servidor web en MICROSYS Promotic antes de v8.1.5 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4518",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-05-23T17:55:02.807",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "cret@cert.org",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4520
Vulnerability from fkie_nvd - Published: 2013-05-23 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsys | promotic | * | |
| microsys | promotic | 8.0.0 | |
| microsys | promotic | 8.0.1 | |
| microsys | promotic | 8.0.2 | |
| microsys | promotic | 8.0.3 | |
| microsys | promotic | 8.0.4 | |
| microsys | promotic | 8.0.5 | |
| microsys | promotic | 8.0.6 | |
| microsys | promotic | 8.0.7 | |
| microsys | promotic | 8.0.8 | |
| microsys | promotic | 8.0.9 | |
| microsys | promotic | 8.0.10 | |
| microsys | promotic | 8.0.11 | |
| microsys | promotic | 8.0.12 | |
| microsys | promotic | 8.0.13 | |
| microsys | promotic | 8.1.0 | |
| microsys | promotic | 8.1.1 | |
| microsys | promotic | 8.1.2 | |
| microsys | promotic | 8.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28A6D558-5C0D-45D9-86F9-51415FDAEBE0",
"versionEndIncluding": "8.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02178943-2743-47D5-B9C4-AB949988DC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7357AA05-5785-4457-8419-07D50963B72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C61222-F8FD-40DA-8BEB-214D84C9776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D10CCACE-AFB3-48DC-8B4D-C7A612083C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656C8269-02BC-446D-9DE8-9C05BCD73642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BB1C0-980B-476E-9C4C-6CA5C0C935CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D0E060-A295-4FA8-8E83-3555376B1DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A893332-E407-475C-A0A3-3D553BEAF7A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1E4F8D-61B9-463D-9642-800A0CF425EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70455EAC-1F80-4B06-9524-2014A9245296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C171B19-3889-4B4E-B7FE-0B7CEA3AED43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC60655-5D1C-40A6-877B-990618764E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "98EF64C6-DD93-40AE-A354-324657BD69C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAEA85A-34B2-4EE4-B431-124DFE690AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5CB21B-4E56-4145-9E42-EAA464A3E00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDDFCCF-7E92-47B3-BF14-C1A3AE7253F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86EFD69D-C3C6-497F-B651-FEE7C4992DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B33DB525-2F9D-477D-908E-C30B6F4F57B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en un componente ActiveX en MICROSYS Promotic antes de v8.1.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una p\u00e1gina web dise\u00f1ada."
}
],
"id": "CVE-2011-4520",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-05-23T17:55:02.850",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "cret@cert.org",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4874
Vulnerability from fkie_nvd - Published: 2012-04-13 10:41 - Updated: 2025-04-11 00:51
Severity ?
Summary
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsys | promotic | * | |
| microsys | promotic | 8.0.0 | |
| microsys | promotic | 8.0.1 | |
| microsys | promotic | 8.0.2 | |
| microsys | promotic | 8.0.3 | |
| microsys | promotic | 8.0.4 | |
| microsys | promotic | 8.0.5 | |
| microsys | promotic | 8.0.6 | |
| microsys | promotic | 8.0.7 | |
| microsys | promotic | 8.0.8 | |
| microsys | promotic | 8.0.9 | |
| microsys | promotic | 8.0.10 | |
| microsys | promotic | 8.0.11 | |
| microsys | promotic | 8.0.12 | |
| microsys | promotic | 8.0.13 | |
| microsys | promotic | 8.1.0 | |
| microsys | promotic | 8.1.1 | |
| microsys | promotic | 8.1.2 | |
| microsys | promotic | 8.1.3 | |
| microsys | promotic | 8.1.4 | |
| microsys | promotic | 8.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsys:promotic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8458FB-FBCE-44A1-84FF-1DBEE08BE7EC",
"versionEndIncluding": "8.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02178943-2743-47D5-B9C4-AB949988DC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7357AA05-5785-4457-8419-07D50963B72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C61222-F8FD-40DA-8BEB-214D84C9776A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D10CCACE-AFB3-48DC-8B4D-C7A612083C86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "656C8269-02BC-446D-9DE8-9C05BCD73642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9BB1C0-980B-476E-9C4C-6CA5C0C935CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D0E060-A295-4FA8-8E83-3555376B1DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A893332-E407-475C-A0A3-3D553BEAF7A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1E4F8D-61B9-463D-9642-800A0CF425EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "70455EAC-1F80-4B06-9524-2014A9245296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C171B19-3889-4B4E-B7FE-0B7CEA3AED43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC60655-5D1C-40A6-877B-990618764E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "98EF64C6-DD93-40AE-A354-324657BD69C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAEA85A-34B2-4EE4-B431-124DFE690AF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B5CB21B-4E56-4145-9E42-EAA464A3E00D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDDFCCF-7E92-47B3-BF14-C1A3AE7253F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86EFD69D-C3C6-497F-B651-FEE7C4992DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B33DB525-2F9D-477D-908E-C30B6F4F57B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C7379A35-8600-4AB2-BAF5-262934D75D50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsys:promotic:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "749C8027-73CD-4253-8233-2C2AA4E3D725",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en MICROSYS PROMOTIC anteriores a v8.1.7 permite a atacantes remotos asistidos por usuarios a ejecutar c\u00f3digo o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de datos y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de proyecto manipulado (tambi\u00e9n conocido como .pra).\r\n\r\n"
}
],
"id": "CVE-2011-4874",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-04-13T10:41:49.697",
"references": [
{
"source": "cret@cert.org",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/52988"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-0869 (GCVE-0-2016-0869)
Vulnerability from cvelistv5 – Published: 2016-01-26 19:00 – Updated: 2024-08-05 22:30
VLAI?
Summary
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-26T18:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0869",
"datePublished": "2016-01-26T19:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:30:05.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9205 (GCVE-0-2014-9205)
Vulnerability from cvelistv5 – Published: 2015-03-29 10:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-29T02:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9205",
"datePublished": "2015-03-29T10:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4520 (GCVE-0-2011-4520)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 18:49
VLAI?
Summary
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4520",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:49:04.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4518 (GCVE-0-2011-4518)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4518",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:34.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4519 (GCVE-0-2011-4519)
Vulnerability from cvelistv5 – Published: 2013-05-23 17:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4519",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:28.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4874 (GCVE-0-2011-4874)
Vulnerability from cvelistv5 – Published: 2012-04-13 10:00 – Updated: 2024-08-07 00:16
VLAI?
Summary
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4874",
"datePublished": "2012-04-13T10:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0869 (GCVE-0-2016-0869)
Vulnerability from nvd – Published: 2016-01-26 19:00 – Updated: 2024-08-05 22:30
VLAI?
Summary
Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-26T18:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/NewsPm803.htm#ver80311"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-026-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0869",
"datePublished": "2016-01-26T19:00:00",
"dateReserved": "2015-12-17T00:00:00",
"dateUpdated": "2024-08-05T22:30:05.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9205 (GCVE-0-2014-9205)
Vulnerability from nvd – Published: 2015-03-29 10:00 – Updated: 2024-08-06 13:40
VLAI?
Summary
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-29T02:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01"
},
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-091/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9205",
"datePublished": "2015-03-29T10:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2024-08-06T13:40:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4520 (GCVE-0-2011-4520)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 18:49
VLAI?
Summary
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4520",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:49:04.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4518 (GCVE-0-2011-4518)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 16:22
VLAI?
Summary
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.824Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4518",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T16:22:34.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4519 (GCVE-0-2011-4519)
Vulnerability from nvd – Published: 2013-05-23 17:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-05-23T17:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80105"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4519",
"datePublished": "2013-05-23T17:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T17:34:28.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4874 (GCVE-0-2011-4874)
Vulnerability from nvd – Published: 2012-04-13 10:00 – Updated: 2024-08-07 00:16
VLAI?
Summary
Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52988"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107",
"refsource": "CONFIRM",
"url": "http://www.promotic.eu/en/pmdoc/News.htm#ver80107"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf"
},
{
"name": "promotic-project-file-code-exec(74846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74846"
},
{
"name": "52988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52988"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4874",
"datePublished": "2012-04-13T10:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}