Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by geovap
VAR-201810-0491
Vulnerability from variot - Updated: 2023-12-18 13:43Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. Reliance 4 SCADA/HMI Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Geovap Reliance 4 SCADA/HMI is a set of industrial process and building automation monitoring system of GEOVAP company in the Czech Republic. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0491",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "reliance 4",
"scope": "eq",
"trust": 1.0,
"vendor": "geovap",
"version": "4.7.3"
},
{
"model": "reliance 4",
"scope": "lte",
"trust": 1.0,
"vendor": "geovap",
"version": "4.7.3"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.8,
"vendor": "geovap spol s r o",
"version": "4.7.3 update 3 and less"
},
{
"model": "reliance update",
"scope": "eq",
"trust": 0.6,
"vendor": "geovap",
"version": "4\u003c=4.7.33"
},
{
"model": "reliance scada update",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.33"
},
{
"model": "reliance scada update",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.32"
},
{
"model": "reliance scada update",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.31"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.3"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.6"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.5"
},
{
"model": "reliance scada",
"scope": "ne",
"trust": 0.3,
"vendor": "geovap",
"version": "4.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "BID",
"id": "105738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance_4:4.7.3:update_1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance_4:4.7.3:update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance_4:4.7.3:update_3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.7.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17904"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ismail Mert AY AK",
"sources": [
{
"db": "BID",
"id": "105738"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17904",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17904",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-49321",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17904",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17904",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-49321",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1267",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-17904",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code. Reliance 4 SCADA/HMI Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Geovap Reliance 4 SCADA/HMI is a set of industrial process and building automation monitoring system of GEOVAP company in the Czech Republic. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "BID",
"id": "105738"
},
{
"db": "VULMON",
"id": "CVE-2018-17904"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17904",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-298-01",
"trust": 3.4
},
{
"db": "BID",
"id": "105738",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-49321",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-17904",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"db": "BID",
"id": "105738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"id": "VAR-201810-0491",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
}
],
"trust": 1.3083333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
}
]
},
"last_update_date": "2023-12-18T13:43:33.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Reliance SCADA/HMI system for download",
"trust": 0.8,
"url": "https://www.reliance-scada.com/en/download"
},
{
"title": "Patch for Geovap Reliance 4 SCADA/HMI cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/232264"
},
{
"title": "GEOVAP Reliance 4 SCADA/HMI Security hole Repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86342"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-298-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/105738"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17904"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17904"
},
{
"trust": 0.3,
"url": "https://www.reliance-scada.com/en/main"
},
{
"trust": 0.3,
"url": "https://www.reliance-scada.com/en/support/articles/technical/what-is-new-in-reliance480#securitylevel"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"db": "BID",
"id": "105738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"db": "BID",
"id": "105738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"date": "2018-10-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"date": "2018-10-25T00:00:00",
"db": "BID",
"id": "105738"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"date": "2018-10-25T22:29:00.220000",
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"date": "2018-10-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17904"
},
{
"date": "2018-10-25T00:00:00",
"db": "BID",
"id": "105738"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013872"
},
{
"date": "2019-10-09T23:37:01.817000",
"db": "NVD",
"id": "CVE-2018-17904"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geovap Reliance 4 SCADA/HMI cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-49321"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1267"
}
],
"trust": 0.6
}
}
VAR-201712-0117
Vulnerability from variot - Updated: 2023-12-18 13:08A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. Reliance is a professional SCADA/HMI system designed for visualization and control of industrial processes as well as building and home automation. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "reliance-scada",
"scope": "eq",
"trust": 1.6,
"vendor": "geovap",
"version": "4.7.3"
},
{
"model": "reliance-scada",
"scope": "eq",
"trust": 1.0,
"vendor": "geovap",
"version": "4.7.2"
},
{
"model": "reliance-scada",
"scope": "lte",
"trust": 1.0,
"vendor": "geovap",
"version": "4.7.1"
},
{
"model": "reliance scada",
"scope": "lte",
"trust": 0.8,
"vendor": "geovap spol s r o",
"version": "4.7.3 update 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "reliance scada",
"version": "4.7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "reliance scada",
"version": "4.7.3"
},
{
"model": "reliance scada update",
"scope": "lte",
"trust": 0.6,
"vendor": "geovap",
"version": "\u003c=v4.7.32"
},
{
"model": "reliance scada update",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.32"
},
{
"model": "reliance scada update",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.31"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.3"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.6"
},
{
"model": "reliance scada",
"scope": "eq",
"trust": 0.3,
"vendor": "geovap",
"version": "4.5"
},
{
"model": "reliance scada update",
"scope": "ne",
"trust": 0.3,
"vendor": "geovap",
"version": "4.7.33"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "reliance scada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "BID",
"id": "102031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.3:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.2:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.2:update1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.2:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.3:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:geovap:reliance-scada:4.7.3:update2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Can Demirel",
"sources": [
{
"db": "BID",
"id": "102031"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
],
"trust": 0.9
},
"cve": "CVE-2017-16721",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-16721",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35814",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-16721",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16721",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-35814",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. Reliance is a professional SCADA/HMI system designed for visualization and control of industrial processes as well as building and home automation. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "BID",
"id": "102031"
},
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16721",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-02",
"trust": 3.3
},
{
"db": "BID",
"id": "102031",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-35814",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2DEE4C0-39AB-11E9-8CBE-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "BID",
"id": "102031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"id": "VAR-201712-0117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
}
],
"trust": 1.4666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
}
]
},
"last_update_date": "2023-12-18T13:08:40.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Reliance SCADA/HMI system for download",
"trust": 0.8,
"url": "https://www.reliance-scada.com/en/download"
},
{
"title": "Patch for Geovap Reliance SCADA Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/107563"
},
{
"title": "GEOVAP Relliance SCADA Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/102031"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16721"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16721"
},
{
"trust": 0.3,
"url": "https://www.reliance-scada.com/en/main"
},
{
"trust": 0.3,
"url": "https://www.reliance-scada.com/files-to-download/documentation/reliance4/reliancehistory_enu.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "BID",
"id": "102031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"db": "BID",
"id": "102031"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-01T00:00:00",
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"date": "2017-11-30T00:00:00",
"db": "BID",
"id": "102031"
},
{
"date": "2017-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"date": "2017-12-04T15:29:00.193000",
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"date": "2017-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35814"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "102031"
},
{
"date": "2017-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010953"
},
{
"date": "2019-10-09T23:25:14.643000",
"db": "NVD",
"id": "CVE-2017-16721"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geovap Reliance SCADA Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2dee4c0-39ab-11e9-8cbe-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35814"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1262"
}
],
"trust": 0.6
}
}
CVE-2018-17904 (GCVE-0-2018-17904)
Vulnerability from cvelistv5 – Published: 2018-10-25 22:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105738 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GEOVAP | Reliance 4 SCADA/HMI |
Affected:
Version 4.7.3 Update 3 and prior.
|
Date Public
2018-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reliance 4 SCADA/HMI",
"vendor": "GEOVAP",
"versions": [
{
"status": "affected",
"version": "Version 4.7.3 Update 3 and prior."
}
]
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-17904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reliance 4 SCADA/HMI",
"version": {
"version_data": [
{
"version_value": "Version 4.7.3 Update 3 and prior."
}
]
}
}
]
},
"vendor_name": "GEOVAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105738"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17904",
"datePublished": "2018-10-25T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16721 (GCVE-0-2017-16721)
Vulnerability from cvelistv5 – Published: 2017-12-04 15:00 – Updated: 2024-08-05 20:35
VLAI
Summary
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102031 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Geovap Reliance SCADA |
Affected:
Geovap Reliance SCADA
|
Date Public
2017-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geovap Reliance SCADA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Geovap Reliance SCADA"
}
]
}
],
"datePublic": "2017-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-16721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geovap Reliance SCADA",
"version": {
"version_data": [
{
"version_value": "Geovap Reliance SCADA"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102031"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16721",
"datePublished": "2017-12-04T15:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:35:20.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17904 (GCVE-0-2018-17904)
Vulnerability from nvd – Published: 2018-10-25 22:00 – Updated: 2024-08-05 11:01
VLAI
Summary
Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105738 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GEOVAP | Reliance 4 SCADA/HMI |
Affected:
Version 4.7.3 Update 3 and prior.
|
Date Public
2018-10-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105738",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Reliance 4 SCADA/HMI",
"vendor": "GEOVAP",
"versions": [
{
"status": "affected",
"version": "Version 4.7.3 Update 3 and prior."
}
]
}
],
"datePublic": "2018-10-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105738",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-17904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reliance 4 SCADA/HMI",
"version": {
"version_data": [
{
"version_value": "Version 4.7.3 Update 3 and prior."
}
]
}
}
]
},
"vendor_name": "GEOVAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105738"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17904",
"datePublished": "2018-10-25T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:01:14.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16721 (GCVE-0-2017-16721)
Vulnerability from nvd – Published: 2017-12-04 15:00 – Updated: 2024-08-05 20:35
VLAI
Summary
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102031 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Geovap Reliance SCADA |
Affected:
Geovap Reliance SCADA
|
Date Public
2017-12-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102031",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Geovap Reliance SCADA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Geovap Reliance SCADA"
}
]
}
],
"datePublic": "2017-12-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-05T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102031",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-16721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Geovap Reliance SCADA",
"version": {
"version_data": [
{
"version_value": "Geovap Reliance SCADA"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102031"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16721",
"datePublished": "2017-12-04T15:00:00.000Z",
"dateReserved": "2017-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:35:20.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}