Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for specview by specview
VAR-201301-0096
Vulnerability from variot - Updated: 2023-12-18 14:02Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. SpecView is a SCADA software. SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW does not properly filter the specially requested requests submitted by users. SpecView is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "build",
"scope": "lte",
"trust": 1.4,
"vendor": "specview",
"version": "\u003c=2.5853"
},
{
"model": "specview",
"scope": "lte",
"trust": 1.0,
"vendor": "specview",
"version": "2.5"
},
{
"model": "specview",
"scope": "lte",
"trust": 0.8,
"vendor": "specview",
"version": "2.5 build 853"
},
{
"model": "specview",
"scope": "eq",
"trust": 0.6,
"vendor": "specview",
"version": "2.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "specview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:specview:specview:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "54243"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 0.9
},
"cve": "CVE-2012-5972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-5972",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.7,
"id": "CNVD-2012-3475",
"impactScore": 0.0,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.7,
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d",
"impactScore": 0.0,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-5972",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-3475",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-553",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. SpecView is a SCADA software. SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW does not properly filter the specially requested requests submitted by users. SpecView is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. \nExploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-5972",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-011-02",
"trust": 2.4
},
{
"db": "BID",
"id": "54243",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2012-3475",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-00456",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207",
"trust": 0.8
},
{
"db": "IVD",
"id": "45954F4E-1F62-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "21FE9DB6-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"id": "VAR-201301-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
}
],
"trust": 2.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
}
]
},
"last_update_date": "2023-12-18T14:02:06.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.specview.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-011-02.pdf"
},
{
"trust": 1.6,
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5972"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5972"
},
{
"trust": 0.6,
"url": "http://aluigi.org/adv/specview_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txthttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54243"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-03T00:00:00",
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"date": "2013-01-23T00:00:00",
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"date": "2013-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"date": "2012-06-29T00:00:00",
"db": "BID",
"id": "54243"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"date": "2013-01-17T16:55:02.237000",
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"date": "2012-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"date": "2013-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00456"
},
{
"date": "2013-01-14T04:10:00",
"db": "BID",
"id": "54243"
},
{
"date": "2013-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001207"
},
{
"date": "2013-01-18T05:00:00",
"db": "NVD",
"id": "CVE-2012-5972"
},
{
"date": "2013-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SpecView Web Server Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3475"
},
{
"db": "BID",
"id": "54243"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "45954f4e-1f62-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "21fe9db6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-553"
}
],
"trust": 1.0
}
}
VAR-201208-0748
Vulnerability from variot - Updated: 2022-05-17 02:10SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW fails to properly filter the specially requested requests submitted by the user. The attacker can exploit the vulnerability for directory traversal attacks and view the contents of the system files with WEB permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0748",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "specview",
"scope": null,
"trust": 0.6,
"vendor": "specview",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "specview",
"version": "*"
},
{
"model": "null",
"scope": "eq",
"trust": 0.2,
"vendor": "specview",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": null,
"accessVector": null,
"authentication": null,
"author": "IVD",
"availabilityImpact": null,
"baseScore": null,
"confidentialityImpact": null,
"exploitabilityScore": null,
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d",
"impactScore": null,
"integrityImpact": null,
"severity": null,
"trust": 0.2,
"vectorString": null,
"version": "unknown"
}
],
"cvssV3": [],
"severity": [
{
"author": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SPECVIEW is a SCADA/HMI product. The WEB server included in SPECVIEW fails to properly filter the specially requested requests submitted by the user. The attacker can exploit the vulnerability for directory traversal attacks and view the contents of the system files with WEB permissions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4098"
},
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-4098",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-214-01",
"trust": 0.6
},
{
"db": "IVD",
"id": "4C335BA2-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"id": "VAR-201208-0748",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"last_update_date": "2022-05-17T02:10:42.163000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-214-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4098"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SPECVIEW Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4c335ba2-1f5d-11e6-abef-000c29c66e3d"
}
],
"trust": 0.2
}
}
CVE-2012-5972 (GCVE-0-2012-5972)
Vulnerability from nvd – Published: 2013-01-17 16:00 – Updated: 2025-07-07 19:55
VLAI
Title
SpecView Directory Traversal
Summary
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/specview_1-adv.txt | x_refsource_MISC |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpecView",
"vendor": "SpecView",
"versions": [
{
"lessThanOrEqual": "2.5 Build 853",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luigi Auriemma identified a directory traversal vulnerability affecting SpecView"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDirectory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.\u003c/p\u003e"
}
],
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T19:55:10.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability."
}
],
"source": {
"advisory": "ICSA-13-011-02",
"discovery": "EXTERNAL"
},
"title": "SpecView Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/specview_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-5972",
"datePublished": "2013-01-17T16:00:00.000Z",
"dateReserved": "2012-11-21T00:00:00.000Z",
"dateUpdated": "2025-07-07T19:55:10.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5972 (GCVE-0-2012-5972)
Vulnerability from cvelistv5 – Published: 2013-01-17 16:00 – Updated: 2025-07-07 19:55
VLAI
Title
SpecView Directory Traversal
Summary
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aluigi.altervista.org/adv/specview_1-adv.txt | x_refsource_MISC |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-1… | x_refsource_MISCx_transferred |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SpecView",
"vendor": "SpecView",
"versions": [
{
"lessThanOrEqual": "2.5 Build 853",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luigi Auriemma identified a directory traversal vulnerability affecting SpecView"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDirectory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.\u003c/p\u003e"
}
],
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T19:55:10.421Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-13-011-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability.\n\n\u003cbr\u003e"
}
],
"value": "SpecView recommends users download and install the update from their web site which mitigates the vulnerability."
}
],
"source": {
"advisory": "ICSA-13-011-02",
"discovery": "EXTERNAL"
},
"title": "SpecView Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/specview_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/specview_1-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-5972",
"datePublished": "2013-01-17T16:00:00.000Z",
"dateReserved": "2012-11-21T00:00:00.000Z",
"dateUpdated": "2025-07-07T19:55:10.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}