Vulnerabilites related to abb - robotware
cve-2021-22279
Vulnerability from cvelistv5
Published
2021-12-13 15:48
Modified
2024-09-16 17:38
Severity ?
Summary
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.
Impacted products
Vendor Product Version
ABB RobotWare Version: unspecified   < 7.3.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:37:18.507Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "RobotWare",
               vendor: "ABB",
               versions: [
                  {
                     lessThan: "7.3.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-12-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306 Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-13T15:48:03",
            orgId: "2b718523-d88f-4f37-9bbd-300c20644bf9",
            shortName: "ABB",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio.",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "OmniCore RobotWare Missing Authentication Vulnerability",
         workarounds: [
            {
               lang: "en",
               value: "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n• Do not use Connected Services Ethernet port connection until the update has been applied, or\n• Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections.",
            },
         ],
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@ch.abb.com",
               DATE_PUBLIC: "2021-12-01T07:48:00.000Z",
               ID: "CVE-2021-22279",
               STATE: "PUBLIC",
               TITLE: "OmniCore RobotWare Missing Authentication Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "RobotWare",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.3.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ABB",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-306 Missing Authentication for Critical Function",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch",
                     refsource: "MISC",
                     url: "https://search.abb.com/library/Download.aspx?DocumentID=SI20265&LanguageCode=en&DocumentPartId=&Action=Launch",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "The problem is corrected in RobotWare version 7.3.2.\nABB recommends that customers apply the update at earliest convenience. The update is available for download from RobotStudio.",
               },
            ],
            source: {
               discovery: "UNKNOWN",
            },
            work_around: [
               {
                  lang: "en",
                  value: "ABB has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they can help block known attack vectors:\n• Do not use Connected Services Ethernet port connection until the update has been applied, or\n• Protect Connected Services Gateway Ethernet port with a firewall, which prevents inbound connections.",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "2b718523-d88f-4f37-9bbd-300c20644bf9",
      assignerShortName: "ABB",
      cveId: "CVE-2021-22279",
      datePublished: "2021-12-13T15:48:03.846890Z",
      dateReserved: "2021-01-05T00:00:00",
      dateUpdated: "2024-09-16T17:38:50.816Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10288
Vulnerability from cvelistv5
Published
2020-07-15 22:15
Modified
2024-09-16 19:51
Severity ?
Summary
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
References
https://github.com/aliasrobotics/RVD/issues/3327x_refsource_CONFIRM
Impacted products
Vendor Product Version
ABB IRB140 Version: unspecified
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:58:39.980Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/aliasrobotics/RVD/issues/3327",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IRB140",
               vendor: "ABB",
               versions: [
                  {
                     status: "affected",
                     version: "unspecified",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)",
            },
         ],
         datePublic: "2020-07-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "CWE-284",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-07-15T22:15:13",
            orgId: "dc524f69-879d-41dc-ab8f-724e78658a1a",
            shortName: "Alias",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/aliasrobotics/RVD/issues/3327",
            },
         ],
         source: {
            defect: [
               "RVD#3327",
            ],
            discovery: "EXTERNAL",
         },
         title: "RVD#3327: No authentication required for accesing ABB IRC5 FTP server",
         x_generator: {
            engine: "Robot Vulnerability Database (RVD)",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@aliasrobotics.com",
               DATE_PUBLIC: "2020-07-15T22:11:11 +00:00",
               ID: "CVE-2020-10288",
               STATE: "PUBLIC",
               TITLE: "RVD#3327: No authentication required for accesing ABB IRC5 FTP server",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IRB140",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ABB",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.",
                  },
               ],
            },
            generator: {
               engine: "Robot Vulnerability Database (RVD)",
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "critical",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-284",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/aliasrobotics/RVD/issues/3327",
                     refsource: "CONFIRM",
                     url: "https://github.com/aliasrobotics/RVD/issues/3327",
                  },
               ],
            },
            source: {
               defect: [
                  "RVD#3327",
               ],
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dc524f69-879d-41dc-ab8f-724e78658a1a",
      assignerShortName: "Alias",
      cveId: "CVE-2020-10288",
      datePublished: "2020-07-15T22:15:13.640890Z",
      dateReserved: "2020-03-10T00:00:00",
      dateUpdated: "2024-09-16T19:51:41.495Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2020-07-15 23:15
Modified
2024-11-21 04:55
Severity ?
Summary
IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.
Impacted products
Vendor Product Version
abb robotware 5.09
abb irb140 -
abb irc5 -
windriver vxworks 5.5.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9C363AC-475E-42E1-937B-D34A45AE9E32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A6784E9-6C10-4DC4-8CDB-091EFF88BD2F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB3C36DB-C7BB-4EB2-AE54-CE72067D1592",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:windriver:vxworks:5.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2490A606-8525-4D45-B0A5-975E125257A8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted.",
      },
      {
         lang: "es",
         value: "IRC5 expone un servidor ftp (puerto 21). Al intentar conseguir acceso, se le solicita una petición de nombre de usuario y contraseña, sin embargo, puede ingresar lo que desee. Mientras el campo no esté vacío, será aceptado",
      },
   ],
   id: "CVE-2020-10288",
   lastModified: "2024-11-21T04:55:08.807",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "cve@aliasrobotics.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-07-15T23:15:11.393",
   references: [
      {
         source: "cve@aliasrobotics.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/aliasrobotics/RVD/issues/3327",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/aliasrobotics/RVD/issues/3327",
      },
   ],
   sourceIdentifier: "cve@aliasrobotics.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "cve@aliasrobotics.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

var-202007-0170
Vulnerability from variot

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB IRC5 is a robot control system.

The ABB IRC5 FTP server has an access control error vulnerability. Remote attackers can use this vulnerability to submit special requests and gain unauthorized access to the system

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202007-0170",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "robotware",
            scope: "eq",
            trust: 1,
            vendor: "abb",
            version: "5.09",
         },
         {
            model: "robotware",
            scope: null,
            trust: 0.8,
            vendor: "abb",
            version: null,
         },
         {
            model: "irc5",
            scope: null,
            trust: 0.6,
            vendor: "abb",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:abb:robotware:5.09:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:abb:irb140:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:h:abb:irc5:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:windriver:vxworks:5.5.1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
      ],
   },
   cve: "CVE-2020-10288",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-008555",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2020-41211",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "cve@aliasrobotics.com",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-008555",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-10288",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "cve@aliasrobotics.com",
                  id: "CVE-2020-10288",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-008555",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-41211",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202007-1169",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. IRC5 There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. ABB IRC5 is a robot control system. \n\r\n\r\nThe ABB IRC5 FTP server has an access control error vulnerability. Remote attackers can use this vulnerability to submit special requests and gain unauthorized access to the system",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-10288",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   id: "VAR-202007-0170",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
      ],
      trust: 1.4068182,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
      ],
   },
   last_update_date: "2023-12-18T11:58:13.511000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://global.abb/group/en",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-287",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3,
            url: "https://github.com/aliasrobotics/rvd/issues/3327",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-10288",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10288",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-07-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            date: "2020-09-16T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            date: "2020-07-15T23:15:11.393000",
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            date: "2020-07-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-07-21T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-41211",
         },
         {
            date: "2020-09-16T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
         {
            date: "2020-07-23T17:22:18.030000",
            db: "NVD",
            id: "CVE-2020-10288",
         },
         {
            date: "2022-03-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "IRC5 Authentication vulnerabilities in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-008555",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "authorization issue",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202007-1169",
         },
      ],
      trust: 0.6,
   },
}

var-201611-0391
Vulnerability from variot

ABB is a leader in power and automation technology among the world's top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to exploit this vulnerability to execute arbitrary code in the context of an affected application. ABB is prone to following security vulnerabilities: 1. Multiple buffer-overflow vulnerabilities 2. A remote code-execution vulnerability 3. The following versions are affected: RobotWare 5.x versions prior to 5.15.13 RobotWare 5.6x versions prior t o 5.61.07 RobotWare 6.x versions prior to 6.0 4 .0 0

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0391",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "robotware",
            scope: "eq",
            trust: 2.4,
            vendor: "abb",
            version: "5.x<5.15.13",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 2.4,
            vendor: "abb",
            version: "5.6x<5.61.07",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 2.4,
            vendor: "abb",
            version: "6.x<6.04.00",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 0.3,
            vendor: "abb",
            version: "6.0",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 0.3,
            vendor: "abb",
            version: "5.60",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 0.3,
            vendor: "abb",
            version: "5.0",
         },
         {
            model: "robotware",
            scope: "ne",
            trust: 0.3,
            vendor: "abb",
            version: "6.04.00",
         },
         {
            model: "robotware",
            scope: "ne",
            trust: 0.3,
            vendor: "abb",
            version: "5.61.07",
         },
         {
            model: "robotware",
            scope: "ne",
            trust: 0.3,
            vendor: "abb",
            version: "5.15.13",
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            db: "BID",
            id: "94034",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Davide Quarta, Marcello Pogliani, Mario Polino and Stefano Zanero from Politecnico di Milano.",
      sources: [
         {
            db: "BID",
            id: "94034",
         },
      ],
      trust: 0.3,
   },
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8.6,
                  id: "CNVD-2016-10593",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.5,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.8,
                  id: "CNVD-2016-10592",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.4,
                  id: "CNVD-2016-10591",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "IVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 9.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 8.6,
                  id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.2,
                  vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.9 [IVD]",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "LOCAL",
                  authentication: "NONE",
                  author: "IVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.9,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 3.4,
                  id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "MEDIUM",
                  trust: 0.2,
                  vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
                  version: "2.9 [IVD]",
               },
               {
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "IVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.5,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.8,
                  id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.2,
                  vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                  version: "2.9 [IVD]",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "CNVD",
                  id: "CNVD-2016-10593",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2016-10592",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2016-10591",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "IVD",
                  id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
                  trust: 0.2,
                  value: "HIGH",
               },
               {
                  author: "IVD",
                  id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
                  trust: 0.2,
                  value: "MEDIUM",
               },
               {
                  author: "IVD",
                  id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
                  trust: 0.2,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "ABB is a leader in power and automation technology among the world's top 500 companies. ABB RobotWare has multiple buffer overflow vulnerabilities that allow an attacker to exploit this vulnerability to execute arbitrary code in the context of an affected application. ABB is prone to following security vulnerabilities:\n1. Multiple buffer-overflow vulnerabilities\n2. A remote code-execution vulnerability\n3. \nThe following versions are affected:\nRobotWare 5.x versions prior to 5.15.13\nRobotWare 5.6x  versions prior t o 5.61.07\nRobotWare 6.x  versions prior to 6.0 4 .0 0",
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            db: "BID",
            id: "94034",
         },
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
      ],
      trust: 2.43,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "BID",
            id: "94034",
            trust: 2.1,
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
            trust: 0.8,
         },
         {
            db: "IVD",
            id: "14BAA0DB-8F92-4DCE-A76C-1B9498A20B49",
            trust: 0.2,
         },
         {
            db: "IVD",
            id: "300C7966-AFA9-497E-B43B-BEEB7F4ABCF7",
            trust: 0.2,
         },
         {
            db: "IVD",
            id: "8E4EF4C6-6BD1-40E1-A98F-7A82E8E3BBAD",
            trust: 0.2,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            db: "BID",
            id: "94034",
         },
      ],
   },
   id: "VAR-201611-0391",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
      ],
      trust: 3.2636363999999998,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 2.4,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
      ],
   },
   last_update_date: "2022-05-17T01:41:08.878000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Patch for ABB RobotWare Authentication Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/83511",
         },
         {
            title: "Patch for ABB RobotWare Remote Code Execution Vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/83509",
         },
         {
            title: "ABB RobotWare has multiple patches for buffer overflow vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/83508",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.2,
            url: "http://www.securityfocus.com/bid/94034",
         },
         {
            trust: 0.6,
            url: "http://www.securityfocus.com/bid/94034/",
         },
         {
            trust: 0.3,
            url: "http://www.abb.com/",
         },
         {
            trust: 0.3,
            url: "https://library.e.abb.com/public/09da4d2b396841f6911ba1b06178fcb9/si20107%20-%20advisory%20for%20multiple%20vulnerabilities%20in%20abb%20robotware.pdf",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            db: "BID",
            id: "94034",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            db: "BID",
            id: "94034",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2016-11-04T00:00:00",
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "IVD",
            id: "300c7966-afa9-497e-b43b-beeb7f4abcf7",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "IVD",
            id: "8e4ef4c6-6bd1-40e1-a98f-7a82e8e3bbad",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            date: "2016-11-01T00:00:00",
            db: "BID",
            id: "94034",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10592",
         },
         {
            date: "2016-11-04T00:00:00",
            db: "CNVD",
            id: "CNVD-2016-10591",
         },
         {
            date: "2016-11-24T01:07:00",
            db: "BID",
            id: "94034",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "network",
      sources: [
         {
            db: "BID",
            id: "94034",
         },
      ],
      trust: 0.3,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "ABB RobotWare Authentication vulnerability",
      sources: [
         {
            db: "IVD",
            id: "14baa0db-8f92-4dce-a76c-1b9498a20b49",
         },
         {
            db: "CNVD",
            id: "CNVD-2016-10593",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Unknown",
      sources: [
         {
            db: "BID",
            id: "94034",
         },
      ],
      trust: 0.3,
   },
}

var-201311-0452
Vulnerability from variot

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0452",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "test signal viewer",
            scope: "eq",
            trust: 0.8,
            vendor: "abb",
            version: "1.x",
         },
         {
            model: "robotware",
            scope: "eq",
            trust: 0.8,
            vendor: "abb",
            version: "5.x",
         },
         {
            model: "robotstudio",
            scope: null,
            trust: 0.7,
            vendor: "abb",
            version: null,
         },
         {
            model: "test signal viewer",
            scope: "eq",
            trust: 0.3,
            vendor: "abb",
            version: "1.4",
         },
         {
            model: "robotstudio",
            scope: "eq",
            trust: 0.3,
            vendor: "abb",
            version: "5.15.02",
         },
         {
            model: "test signal viewer",
            scope: "ne",
            trust: 0.3,
            vendor: "abb",
            version: "1.5",
         },
         {
            model: "robotstudio",
            scope: "ne",
            trust: 0.3,
            vendor: "abb",
            version: "5.15.03",
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            db: "BID",
            id: "63904",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Andrea Micalizzi",
      sources: [
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
      trust: 0.9,
   },
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "ZDI",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "ZDI-13-253",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "HIGH",
                  trust: 0.7,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-14743",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CNVD-2013-14744",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "IVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "555598f6-1efb-11e6-abef-000c29c66e3d",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.2,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.9 [IVD]",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "IVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 7.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  severity: "HIGH",
                  trust: 0.2,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.9 [IVD]",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "ZDI",
                  id: "ZDI-13-253",
                  trust: 0.7,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-14743",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2013-14744",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "IVD",
                  id: "555598f6-1efb-11e6-abef-000c29c66e3d",
                  trust: 0.2,
                  value: "HIGH",
               },
               {
                  author: "IVD",
                  id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
                  trust: 0.2,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share.  Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability.  A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. The attacker constructs a malicious WEB page to induce the user to parse, and can write arbitrary files to any position of the system. ABB Test Signal Viewer is a software product of Swiss ABB company, which is mainly used to optimize and adjust the axis speed of ABB robots, and grasp the robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions",
      sources: [
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
      ],
      trust: 2.88,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "ZDI",
            id: "ZDI-13-253",
            trust: 1.6,
         },
         {
            db: "BID",
            id: "63904",
            trust: 1.5,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
            trust: 0.8,
         },
         {
            db: "ZDI_CAN",
            id: "ZDI-CAN-1834",
            trust: 0.7,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
            trust: 0.6,
         },
         {
            db: "IVD",
            id: "555598F6-1EFB-11E6-ABEF-000C29C66E3D",
            trust: 0.2,
         },
         {
            db: "IVD",
            id: "574F7F8C-1EFB-11E6-ABEF-000C29C66E3D",
            trust: 0.2,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
   },
   id: "VAR-201311-0452",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
      ],
      trust: 2.296608943333333,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 1.6,
         },
      ],
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
      ],
   },
   last_update_date: "2022-05-17T02:00:03.152000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "ABB has issued an update to correct this vulnerability.",
            trust: 0.7,
            url: "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf",
         },
         {
            title: "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41340",
         },
         {
            title: "ABB RobotWare CWGraph3D ActiveX Control Remote Code Execution Vulnerability Patch",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/41341",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.2,
            url: "http://www.securityfocus.com/bid/63904",
         },
         {
            trust: 1,
            url: "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/$file/si10253a2%20rev%200%20.pdf",
         },
         {
            trust: 0.9,
            url: "http://www.zerodayinitiative.com/advisories/zdi-13-253/",
         },
         {
            trust: 0.6,
            url: "http://www.abb.com/global/scot/scot348.nsf/veritydisplay/8e134e13bfa25a0cc1257c0600459b16/",
         },
         {
            trust: 0.3,
            url: "http://new.abb.com/products/robotics/robotstudio",
         },
      ],
      sources: [
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2013-11-27T00:00:00",
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            date: "2013-11-27T00:00:00",
            db: "IVD",
            id: "574f7f8c-1efb-11e6-abef-000c29c66e3d",
         },
         {
            date: "2013-11-24T00:00:00",
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            date: "2013-11-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            date: "2013-11-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            date: "2013-11-24T00:00:00",
            db: "BID",
            id: "63904",
         },
         {
            date: "2013-11-24T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2013-11-24T00:00:00",
            db: "ZDI",
            id: "ZDI-13-253",
         },
         {
            date: "2013-11-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            date: "2013-11-27T00:00:00",
            db: "CNVD",
            id: "CNVD-2013-14744",
         },
         {
            date: "2013-11-24T00:00:00",
            db: "BID",
            id: "63904",
         },
         {
            date: "2013-12-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability",
      sources: [
         {
            db: "IVD",
            id: "555598f6-1efb-11e6-abef-000c29c66e3d",
         },
         {
            db: "CNVD",
            id: "CNVD-2013-14743",
         },
         {
            db: "BID",
            id: "63904",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
      trust: 1.7,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code injection",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201311-435",
         },
      ],
      trust: 0.6,
   },
}