Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by Accuenergy
VAR-201604-0066
Vulnerability from variot - Updated: 2023-12-18 13:24The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. AccuenergyAcuvim II and IIR are Accuenergy's multi-function network power meters, which provide power parameter measurement, four-quadrant energy metering and over-limit alarms. AXN-NET is one of the Ethernet module accessories. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acuvim iir net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim iir net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "iir axn-net",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_iir:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_iir_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_ii_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "86082"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.9
},
"cve": "CVE-2016-2293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2293",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02339",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91112",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2293",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2293",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02339",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-91112",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. AccuenergyAcuvim II and IIR are Accuenergy\u0027s multi-function network power meters, which provide power parameter measurement, four-quadrant energy metering and over-limit alarms. AXN-NET is one of the Ethernet module accessories. Accuenergy Acuvim II\\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2293",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-02",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02339",
"trust": 0.6
},
{
"db": "BID",
"id": "86082",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-91112",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2293",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"id": "VAR-201604-0066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
}
],
"trust": 1.3527777749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
}
]
},
"last_update_date": "2023-12-18T13:24:39.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.accuenergy.com/"
},
{
"title": "Patch for modifying the vulnerability of AccuenergyAcuvimII and IIRAXN-NET modules",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74345"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2293"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2293"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86082"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-91112"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"date": "2016-04-21T11:00:10.103000",
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"date": "2016-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-91112"
},
{
"date": "2016-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"date": "2016-04-28T18:06:02.143000",
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerabilities whose settings are acquired in modules",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.6
}
}
VAR-201604-0067
Vulnerability from variot - Updated: 2023-12-18 13:24The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Both Accuenergy Acuvim II and IIR are multi-functional network power meters of Accuenergy Company in the United States, which provide functions such as power parameter measurement, four-quadrant electric energy measurement and limit alarm. AXN-NET is one of the Ethernet module accessories
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acuvim iir net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim iir net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_ii_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_iir:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_iir_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "86082"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.9
},
"cve": "CVE-2016-2294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2294",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2294",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2294",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-324",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91113",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Accuenergy Acuvim II\\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Both Accuenergy Acuvim II and IIR are multi-functional network power meters of Accuenergy Company in the United States, which provide functions such as power parameter measurement, four-quadrant electric energy measurement and limit alarm. AXN-NET is one of the Ethernet module accessories",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "VULHUB",
"id": "VHN-91113"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2294",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-02",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324",
"trust": 0.7
},
{
"db": "BID",
"id": "86082",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"id": "VAR-201604-0067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
}
],
"trust": 0.40555555
},
"last_update_date": "2023-12-18T13:24:39.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.accuenergy.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2294"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2294"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-91113"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"date": "2016-04-21T11:00:11.073000",
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-91113"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"date": "2016-04-28T18:04:02.430000",
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerability in obtaining plaintext mail server password in module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.6
}
}
VAR-201411-0076
Vulnerability from variot - Updated: 2023-12-18 12:45The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. Accuenergy Acuvim II is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. AXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "axm-net",
"scope": "eq",
"trust": 1.6,
"vendor": "accuenergy",
"version": "3.04"
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 1.0,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "axn-net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.04"
},
{
"model": "axn-net ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "accuenergy",
"version": "3.04"
}
],
"sources": [
{
"db": "BID",
"id": "70852"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:axm-net:3.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2373"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laisvis Lingvevicius",
"sources": [
{
"db": "BID",
"id": "70852"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2373",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2373",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2373",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-006",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. Accuenergy Acuvim II is prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. \nAXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "BID",
"id": "70852"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-14-275-02",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2014-2373",
"trust": 2.7
},
{
"db": "BID",
"id": "70852",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "70852"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"id": "VAR-201411-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30555555
},
"last_update_date": "2023-12-18T12:45:13.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.accuenergy.com/firmware-update-axm-net"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-275-02"
},
{
"trust": 1.6,
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2373"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2373"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70852"
},
{
"trust": 0.3,
"url": "http://www.accuenergy.com/acuvim-ii-series-multifunction-power-meter"
}
],
"sources": [
{
"db": "BID",
"id": "70852"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "70852"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-30T00:00:00",
"db": "BID",
"id": "70852"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"date": "2014-11-05T11:55:04.637000",
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-30T00:00:00",
"db": "BID",
"id": "70852"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005229"
},
{
"date": "2014-11-05T22:44:47.710000",
"db": "NVD",
"id": "CVE-2014-2373"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II for AXN-NET Ethernet Run on module accessories Web server Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-006"
}
],
"trust": 0.6
}
}
VAR-201411-0077
Vulnerability from variot - Updated: 2023-12-18 12:45The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Accuenergy Acuvim II is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information.This may lead to further attacks. AXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "axm-net",
"scope": "eq",
"trust": 1.6,
"vendor": "accuenergy",
"version": "3.04"
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 1.0,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "axn-net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.04"
},
{
"model": "axn-net ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "accuenergy",
"version": "3.04"
}
],
"sources": [
{
"db": "BID",
"id": "70853"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:axm-net:3.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2374"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laisvis Lingvevicius",
"sources": [
{
"db": "BID",
"id": "70853"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-2374",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2374",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-007",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. Accuenergy Acuvim II is prone to a remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and gain access to potentially sensitive information.This may lead to further attacks. \nAXN-NET Ethernet module 3.04 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "BID",
"id": "70853"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-14-275-02",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2014-2374",
"trust": 2.7
},
{
"db": "BID",
"id": "70853",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "70853"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"id": "VAR-201411-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30555555
},
"last_update_date": "2023-12-18T12:45:13.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes",
"trust": 0.8,
"url": "http://www.accuenergy.com/firmware-update-axm-net"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-275-02"
},
{
"trust": 1.6,
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2374"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2374"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70853"
},
{
"trust": 0.3,
"url": "http://www.accuenergy.com/acuvim-ii-series-multifunction-power-meter"
}
],
"sources": [
{
"db": "BID",
"id": "70853"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "70853"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-30T00:00:00",
"db": "BID",
"id": "70853"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"date": "2014-11-05T11:55:04.683000",
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"date": "2014-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-30T00:00:00",
"db": "BID",
"id": "70853"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005230"
},
{
"date": "2014-11-05T22:45:41.217000",
"db": "NVD",
"id": "CVE-2014-2374"
},
{
"date": "2014-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II for AXN-NET Ethernet Module accessory vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005230"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-007"
}
],
"trust": 0.6
}
}
CVE-2016-2294 (GCVE-0-2016-2294)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02 | x_refsource_MISC |
Date Public
2016-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-21T06:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2294",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2293 (GCVE-0-2016-2293)
Vulnerability from nvd – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02 | x_refsource_MISC |
Date Public
2016-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-21T06:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2293",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2374 (GCVE-0-2014-2374)
Vulnerability from nvd – Published: 2014-11-05 11:00 – Updated: 2025-10-13 22:40
VLAI
Title
Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
Summary
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.accuenergy.com/firmware-update-axm-net | x_refsource_CONFIRM |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02 | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accuenergy | Accuenergy Acuvim II AXN-NET Ethernet module |
Affected:
v.3.04
|
Date Public
2014-10-30 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Accuenergy Acuvim II AXN-NET Ethernet module",
"vendor": "Accuenergy",
"versions": [
{
"status": "affected",
"version": "v.3.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Laisvis Lingvevicius"
}
],
"datePublic": "2014-10-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.\n\n\u003c/p\u003e"
}
],
"value": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:40:16.562Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.accuenergy.com/firmware-update-axm-net\"\u003ehttp://www.accuenergy.com/firmware-update-axm-net\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Accuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u00a0 http://www.accuenergy.com/firmware-update-axm-net"
}
],
"source": {
"advisory": "ICSA-14-275-02",
"discovery": "EXTERNAL"
},
"title": "Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.accuenergy.com/firmware-update-axm-net",
"refsource": "CONFIRM",
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2374",
"datePublished": "2014-11-05T11:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-13T22:40:16.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2373 (GCVE-0-2014-2373)
Vulnerability from nvd – Published: 2014-11-05 11:00 – Updated: 2025-10-13 22:39
VLAI
Title
Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
Summary
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.accuenergy.com/firmware-update-axm-net | x_refsource_CONFIRM |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02 | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accuenergy | Accuenergy Acuvim II AXN-NET Ethernet module |
Affected:
v.3.04
|
Date Public
2014-10-30 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Accuenergy Acuvim II AXN-NET Ethernet module",
"vendor": "Accuenergy",
"versions": [
{
"status": "affected",
"version": "v.3.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Laisvis Lingvevicius"
}
],
"datePublic": "2014-10-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.\n\n\u003c/p\u003e"
}
],
"value": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:39:34.813Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.accuenergy.com/firmware-update-axm-net\"\u003ehttp://www.accuenergy.com/firmware-update-axm-net\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Accuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u00a0 http://www.accuenergy.com/firmware-update-axm-net"
}
],
"source": {
"advisory": "ICSA-14-275-02",
"discovery": "EXTERNAL"
},
"title": "Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.accuenergy.com/firmware-update-axm-net",
"refsource": "CONFIRM",
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2373",
"datePublished": "2014-11-05T11:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-13T22:39:34.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2293 (GCVE-0-2016-2293)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02 | x_refsource_MISC |
Date Public
2016-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-21T06:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2293",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2294 (GCVE-0-2016-2294)
Vulnerability from cvelistv5 – Published: 2016-04-21 10:00 – Updated: 2024-08-05 23:24
VLAI
Summary
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02 | x_refsource_MISC |
Date Public
2016-04-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-21T06:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-2294",
"datePublished": "2016-04-21T10:00:00.000Z",
"dateReserved": "2016-02-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2374 (GCVE-0-2014-2374)
Vulnerability from cvelistv5 – Published: 2014-11-05 11:00 – Updated: 2025-10-13 22:40
VLAI
Title
Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
Summary
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.accuenergy.com/firmware-update-axm-net | x_refsource_CONFIRM |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02 | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accuenergy | Accuenergy Acuvim II AXN-NET Ethernet module |
Affected:
v.3.04
|
Date Public
2014-10-30 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Accuenergy Acuvim II AXN-NET Ethernet module",
"vendor": "Accuenergy",
"versions": [
{
"status": "affected",
"version": "v.3.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Laisvis Lingvevicius"
}
],
"datePublic": "2014-10-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.\n\n\u003c/p\u003e"
}
],
"value": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:40:16.562Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.accuenergy.com/firmware-update-axm-net\"\u003ehttp://www.accuenergy.com/firmware-update-axm-net\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Accuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u00a0 http://www.accuenergy.com/firmware-update-axm-net"
}
],
"source": {
"advisory": "ICSA-14-275-02",
"discovery": "EXTERNAL"
},
"title": "Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.accuenergy.com/firmware-update-axm-net",
"refsource": "CONFIRM",
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2374",
"datePublished": "2014-11-05T11:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-13T22:40:16.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2373 (GCVE-0-2014-2373)
Vulnerability from cvelistv5 – Published: 2014-11-05 11:00 – Updated: 2025-10-13 22:39
VLAI
Title
Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
Summary
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.accuenergy.com/firmware-update-axm-net | x_refsource_CONFIRM |
| https://www.cisa.gov/news-events/ics-advisories/i… | |
| https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02 | x_refsource_MISCx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Accuenergy | Accuenergy Acuvim II AXN-NET Ethernet module |
Affected:
v.3.04
|
Date Public
2014-10-30 06:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Accuenergy Acuvim II AXN-NET Ethernet module",
"vendor": "Accuenergy",
"versions": [
{
"status": "affected",
"version": "v.3.04"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Laisvis Lingvevicius"
}
],
"datePublic": "2014-10-30T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nThe AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.\n\n\u003c/p\u003e"
}
],
"value": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T22:39:34.813Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-275-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAccuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.accuenergy.com/firmware-update-axm-net\"\u003ehttp://www.accuenergy.com/firmware-update-axm-net\u003c/a\u003e\u003c/p\u003e"
}
],
"value": "Accuenergy has produced a patch to mitigate these vulnerabilities. The patch can be downloaded at the following location:\u00a0 http://www.accuenergy.com/firmware-update-axm-net"
}
],
"source": {
"advisory": "ICSA-14-275-02",
"discovery": "EXTERNAL"
},
"title": "Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.accuenergy.com/firmware-update-axm-net",
"refsource": "CONFIRM",
"url": "http://www.accuenergy.com/firmware-update-axm-net"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2373",
"datePublished": "2014-11-05T11:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-13T22:39:34.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}