cvelistv5 - cve-2016-9155

CVE-2016-9155 (GCVE-0-2016-9155)

Vulnerability from cvelistv5 – Published: 2016-11-22 11:00 – Updated: 2024-08-06 02:42

Summary

Severity ?

No CVSS data available.

CWE

incorrect access control

Assigner

siemens

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01	x_refsource_MISC
	http://www.securityfocus.com/bid/94392	vdb-entryx_refsource_BID
	https://www.siemens.com/cert/pool/cert/siemens_se…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	SIEMENS-branded IP Cameras	Affected: SIEMENS-branded IP Cameras

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
          },
          {
            "name": "94392",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94392"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIEMENS-branded IP Cameras",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "SIEMENS-branded IP Cameras"
            }
          ]
        }
      ],
      "datePublic": "2016-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "incorrect access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T21:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
        },
        {
          "name": "94392",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94392"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIEMENS-branded IP Cameras",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SIEMENS-branded IP Cameras"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "incorrect access control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
            },
            {
              "name": "94392",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94392"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2016-9155",
    "datePublished": "2016-11-22T11:00:00",
    "dateReserved": "2016-11-03T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccid1445-dn18_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1F039AE-D526-4F43-9007-9C00E2C08880\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccid1445-dn28_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88EC5887-45C6-422E-8E57-D9331546254A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccid1445-dn36_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA09D0D1-9895-4BD8-A42A-80CBEFE6990C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccis1425_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6B2762A-0D97-46E0-9D21-56FEE35F1F0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccmd3025-dn18_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F46EA075-F169-4B14-8D60-0C93DA3C06AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccms2025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FD79F66-2F40-4E95-B4F9-8359D7FF93CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccmw1025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D39231DE-FFAD-4DA5-B4BD-3171909C129D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccmw3025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AA99FEA-3A7A-44A3-BEDE-7E1157DFDCB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:ccpw3025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B386F53B-8E9B-43A8-9DD6-54664AC1C255\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cfis1425_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C325746A-F539-4898-95DF-F8EFC6B8710A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cfms2025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCDBAC23-33B7-432C-A47F-932927595CE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cfmw1025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A5D60B9-0FF6-4494-BDBC-2E2EFD57062A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cfmw3025_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"215EE58B-4A87-4575-86B0-04591EF01BF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cvms2025-ir_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0FC5EB6-902C-47AD-B1BF-41F372724C02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:cvmw3025-ir_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57A3B0ED-CAE7-490B-B3B1-D514D9B4B9C8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccid1445-dn18:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA97AA5-3B1F-484C-AAD8-3B8335A0A547\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccid1445-dn28:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8402FE84-6E6F-486D-B8FF-7C24FD5D7019\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccid1445-dn36:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E87FD167-D791-4212-9508-53C93A2E3130\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccis1425:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BADA712-0889-45EF-A635-9591D5E21575\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccmd3025-dn18:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F7D9909-BCDA-4E51-B043-B0433228EFAA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccms2025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D180A778-773C-45B0-B3C2-4F99D9C717F5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccmw1025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE30250-D0F6-420F-825E-7125F80D4F5E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccmw3025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"187F4405-E61D-4290-8989-DF3895DD6D4C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:ccpw3025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D56F30E-F04C-4B19-B6E6-035EC1C8BE10\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cfis1425:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C39C97F-C32E-4978-8DD7-BB4FAA1890F7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cfms2025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13FE39BC-EEFD-4947-8013-A9435B02171E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cfmw1025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"162D8C69-BD7E-4669-8B0C-85DF4D3A2DAE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cfmw3025:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3752984B-8E03-4F37-88B7-34903B23D88E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cvms2025-ir:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF169F60-23B3-4D8E-9146-C2724791A862\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:cvmw3025-ir:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C548CBA4-A662-4EF9-A911-61371C92DD26\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.\"}, {\"lang\": \"es\", \"value\": \"Los siguientes IP de modelos de c\\u00e1mara de marca SIEMENS CCMW3025, CVMW3025-IR, CFMW3025 anterior a la versi\\u00f3n 1.41_SP18_S1; CCPW3025, CCPW5025 anterior a la versi\\u00f3n 0.1.73_S1; CCMD3025-DN18 anterior a la versi\\u00f3n v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 anterior a la versi\\u00f3n v2635_SP1 podr\\u00eda permitir a un atacante con acceso de red al servidor web obtener credenciales administrativas bajo ciertas circunstancias.\"}]",
      "id": "CVE-2016-9155",
      "lastModified": "2024-11-21T03:00:42.830",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-11-22T11:59:00.163",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94392\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\", \"VDB Entry\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94392\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\", \"VDB Entry\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9155\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2016-11-22T11:59:00.163\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.\"},{\"lang\":\"es\",\"value\":\"Los siguientes IP de modelos de c\u00e1mara de marca SIEMENS CCMW3025, CVMW3025-IR, CFMW3025 anterior a la versi\u00f3n 1.41_SP18_S1; CCPW3025, CCPW5025 anterior a la versi\u00f3n 0.1.73_S1; CCMD3025-DN18 anterior a la versi\u00f3n v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 anterior a la versi\u00f3n v2635_SP1 podr\u00eda permitir a un atacante con acceso de red al servidor web obtener credenciales administrativas bajo ciertas circunstancias.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccid1445-dn18_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1F039AE-D526-4F43-9007-9C00E2C08880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccid1445-dn28_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88EC5887-45C6-422E-8E57-D9331546254A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccid1445-dn36_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA09D0D1-9895-4BD8-A42A-80CBEFE6990C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccis1425_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6B2762A-0D97-46E0-9D21-56FEE35F1F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccmd3025-dn18_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F46EA075-F169-4B14-8D60-0C93DA3C06AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccms2025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FD79F66-2F40-4E95-B4F9-8359D7FF93CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccmw1025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D39231DE-FFAD-4DA5-B4BD-3171909C129D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccmw3025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA99FEA-3A7A-44A3-BEDE-7E1157DFDCB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ccpw3025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B386F53B-8E9B-43A8-9DD6-54664AC1C255\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cfis1425_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C325746A-F539-4898-95DF-F8EFC6B8710A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cfms2025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCDBAC23-33B7-432C-A47F-932927595CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cfmw1025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A5D60B9-0FF6-4494-BDBC-2E2EFD57062A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cfmw3025_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"215EE58B-4A87-4575-86B0-04591EF01BF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cvms2025-ir_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0FC5EB6-902C-47AD-B1BF-41F372724C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:cvmw3025-ir_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57A3B0ED-CAE7-490B-B3B1-D514D9B4B9C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccid1445-dn18:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA97AA5-3B1F-484C-AAD8-3B8335A0A547\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccid1445-dn28:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8402FE84-6E6F-486D-B8FF-7C24FD5D7019\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccid1445-dn36:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87FD167-D791-4212-9508-53C93A2E3130\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccis1425:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BADA712-0889-45EF-A635-9591D5E21575\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccmd3025-dn18:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F7D9909-BCDA-4E51-B043-B0433228EFAA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccms2025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D180A778-773C-45B0-B3C2-4F99D9C717F5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccmw1025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE30250-D0F6-420F-825E-7125F80D4F5E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccmw3025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"187F4405-E61D-4290-8989-DF3895DD6D4C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ccpw3025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D56F30E-F04C-4B19-B6E6-035EC1C8BE10\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cfis1425:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C39C97F-C32E-4978-8DD7-BB4FAA1890F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cfms2025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FE39BC-EEFD-4947-8013-A9435B02171E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cfmw1025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"162D8C69-BD7E-4669-8B0C-85DF4D3A2DAE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cfmw3025:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3752984B-8E03-4F37-88B7-34903B23D88E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cvms2025-ir:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF169F60-23B3-4D8E-9146-C2724791A862\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:cvmw3025-ir:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C548CBA4-A662-4EF9-A911-61371C92DD26\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94392\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94392\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-11370

Vulnerability from cnvd - Published: 2016-11-17

Title

SIEMENS-branded IP-based CCTV cameras信息泄露漏洞

Description

CCMW3025、CVMW3025-IR、CFMW3025、CCPW3025等是SIEMENS公司的IP摄像头产品。 SIEMENS-branded IP-based CCTV cameras存在信息泄露漏洞。拥有web服务器网络访问权限的攻击者利用漏洞可通过发送特定的请求获得服务器管理凭证，获取敏感信息。

Severity

高

Patch Name

SIEMENS-branded IP-based CCTV cameras信息泄露漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修补方案，请关注如下链接及时更新： https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf

Impacted products

Name
['SIEMENS CCMW3025 <1.41_SP18_S1', 'SIEMENS CVMW3025-IR <1.41_SP18_S1', 'SIEMENS CFMW3025 <1.41_SP18_S1', 'SIEMENS CCPW3025 <0.1.73_S1', 'SIEMENS CCPW5025 <0.1.73_S1', 'SIEMENS CCID1445-DN18 <2635', 'SIEMENS CCMD3025-DN18 <1.394_S1', 'SIEMENS CCID1445-DN28 <2635', 'SIEMENS CCID1445-DN36 <2635', 'SIEMENS CFIS1425 <2635', 'SIEMENS CCIS1425 <2635', 'SIEMENS CFMS2025 <2635', 'SIEMENS CCMS2025 <2635', 'SIEMENS CVMS2025-IR <2635', 'SIEMENS CFMW1025 <2635', 'SIEMENS CCMW1025 <2635']

Name

['SIEMENS CCMW3025 <1.41_SP18_S1', 'SIEMENS CVMW3025-IR <1.41_SP18_S1', 'SIEMENS CFMW3025 <1.41_SP18_S1', 'SIEMENS CCPW3025 <0.1.73_S1', 'SIEMENS CCPW5025 <0.1.73_S1', 'SIEMENS CCID1445-DN18 <2635', 'SIEMENS CCMD3025-DN18 <1.394_S1', 'SIEMENS CCID1445-DN28 <2635', 'SIEMENS CCID1445-DN36 <2635', 'SIEMENS CFIS1425 <2635', 'SIEMENS CCIS1425 <2635', 'SIEMENS CFMS2025 <2635', 'SIEMENS CCMS2025 <2635', 'SIEMENS CVMS2025-IR <2635', 'SIEMENS CFMW1025 <2635', 'SIEMENS CCMW1025 <2635']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94392"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9155"
    }
  },
  "description": "CCMW3025\u3001CVMW3025-IR\u3001CFMW3025\u3001CCPW3025\u7b49\u662fSIEMENS\u516c\u53f8\u7684IP\u6444\u50cf\u5934\u4ea7\u54c1\u3002\r\n\r\nSIEMENS-branded IP-based CCTV cameras\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u62e5\u6709web\u670d\u52a1\u5668\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5b9a\u7684\u8bf7\u6c42\u83b7\u5f97\u670d\u52a1\u5668\u7ba1\u7406\u51ed\u8bc1\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "The vendor reported this issue.",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11370",
  "openTime": "2016-11-17",
  "patchDescription": "CCMW3025\u3001CVMW3025-IR\u3001CFMW3025\u3001CCPW3025\u7b49\u662fSIEMENS\u516c\u53f8\u7684IP\u6444\u50cf\u5934\u4ea7\u54c1\u3002\r\n\r\nSIEMENS-branded IP-based CCTV cameras\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u62e5\u6709web\u670d\u52a1\u5668\u7f51\u7edc\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5b9a\u7684\u8bf7\u6c42\u83b7\u5f97\u670d\u52a1\u5668\u7ba1\u7406\u51ed\u8bc1\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SIEMENS-branded IP-based CCTV cameras\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS CCMW3025 \u003c1.41_SP18_S1",
      "SIEMENS CVMW3025-IR \u003c1.41_SP18_S1",
      "SIEMENS CFMW3025 \u003c1.41_SP18_S1",
      "SIEMENS CCPW3025 \u003c0.1.73_S1",
      "SIEMENS CCPW5025 \u003c0.1.73_S1",
      "SIEMENS CCID1445-DN18 \u003c2635",
      "SIEMENS CCMD3025-DN18 \u003c1.394_S1",
      "SIEMENS CCID1445-DN28 \u003c2635",
      "SIEMENS CCID1445-DN36 \u003c2635",
      "SIEMENS CFIS1425 \u003c2635",
      "SIEMENS CCIS1425 \u003c2635",
      "SIEMENS CFMS2025 \u003c2635",
      "SIEMENS CCMS2025 \u003c2635",
      "SIEMENS CVMS2025-IR \u003c2635",
      "SIEMENS CFMW1025 \u003c2635",
      "SIEMENS CCMW1025 \u003c2635"
    ]
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2016-11-17",
  "title": "SIEMENS-branded IP-based CCTV cameras\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2016-AVI-383

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans SCADA les caméras IP-CCTV Siemens. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Siemens CFMS2025 versions antérieures à v2635
Siemens	N/A	Siemens CCMW1025 versions antérieures à v2635
Siemens	N/A	Siemens CCMD3025-DN18 versions antérieures à v1.394_S1
Siemens	N/A	Siemens CCMS2025 versions antérieures à v2635
Siemens	N/A	Siemens CFMW1025 versions antérieures à v2635
Siemens	N/A	Siemens CCMW3025 versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CCPW5025 versions antérieures à 0.1.73_S1
Siemens	N/A	Siemens CCPW3025 versions antérieures à 0.1.73_S1
Siemens	N/A	Siemens CVMW33025-IR versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CFMW3025 versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CCID1445-DN28 versions antérieures à v2635
Siemens	N/A	Siemens CCID1445-DN18 versions antérieures à v2635
Siemens	N/A	Siemens CCID1445-DN36 versions antérieures à v2635
Siemens	N/A	Siemens CFIS1425 versions antérieures à v2635
Siemens	N/A	Siemens VMS2025-IR versions antérieures à v2635
Siemens	N/A	Siemens CCIS1425 versions antérieures à v2635

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens du 16 novembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Siemens CFMS2025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMW1025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMD3025-DN18 versions ant\u00e9rieures \u00e0 v1.394_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMS2025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFMW1025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMW3025 versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCPW5025 versions ant\u00e9rieures \u00e0 0.1.73_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCPW3025 versions ant\u00e9rieures \u00e0 0.1.73_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CVMW33025-IR versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFMW3025 versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN28 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN18 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN36 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFIS1425 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens VMS2025-IR versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCIS1425 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9155"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-383",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSCADA les\ncam\u00e9ras IP-CCTV Siemens\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SCADA les cam\u00e9ras IP-CCTV Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens du 16 novembre 2016",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-284765.pdf"
    }
  ]
}

CERTFR-2016-AVI-383

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Siemens CFMS2025 versions antérieures à v2635
Siemens	N/A	Siemens CCMW1025 versions antérieures à v2635
Siemens	N/A	Siemens CCMD3025-DN18 versions antérieures à v1.394_S1
Siemens	N/A	Siemens CCMS2025 versions antérieures à v2635
Siemens	N/A	Siemens CFMW1025 versions antérieures à v2635
Siemens	N/A	Siemens CCMW3025 versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CCPW5025 versions antérieures à 0.1.73_S1
Siemens	N/A	Siemens CCPW3025 versions antérieures à 0.1.73_S1
Siemens	N/A	Siemens CVMW33025-IR versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CFMW3025 versions antérieures à 1.41_SP18_S1
Siemens	N/A	Siemens CCID1445-DN28 versions antérieures à v2635
Siemens	N/A	Siemens CCID1445-DN18 versions antérieures à v2635
Siemens	N/A	Siemens CCID1445-DN36 versions antérieures à v2635
Siemens	N/A	Siemens CFIS1425 versions antérieures à v2635
Siemens	N/A	Siemens VMS2025-IR versions antérieures à v2635
Siemens	N/A	Siemens CCIS1425 versions antérieures à v2635

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens du 16 novembre 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Siemens CFMS2025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMW1025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMD3025-DN18 versions ant\u00e9rieures \u00e0 v1.394_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMS2025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFMW1025 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCMW3025 versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCPW5025 versions ant\u00e9rieures \u00e0 0.1.73_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCPW3025 versions ant\u00e9rieures \u00e0 0.1.73_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CVMW33025-IR versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFMW3025 versions ant\u00e9rieures \u00e0 1.41_SP18_S1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN28 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN18 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCID1445-DN36 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CFIS1425 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens VMS2025-IR versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens CCIS1425 versions ant\u00e9rieures \u00e0 v2635",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9155"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-383",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-11-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eSCADA les\ncam\u00e9ras IP-CCTV Siemens\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SCADA les cam\u00e9ras IP-CCTV Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens du 16 novembre 2016",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-284765.pdf"
    }
  ]
}

ICSA-16-322-01

Vulnerability from csaf_cisa - Published: 2016-08-21 06:00 - Updated: 2025-06-05 22:02

Summary

Vanderbilt Industries Siemens IP CCTV Cameras Vulnerability

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-322-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2016/icsa-16-322-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-16-322-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-16-322-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Vanderbilt Industries Siemens IP CCTV Cameras Vulnerability",
    "tracking": {
      "current_release_date": "2025-06-05T22:02:40.536934Z",
      "generator": {
        "date": "2025-06-05T22:02:40.536875Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-16-322-01",
      "initial_release_date": "2016-08-21T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2016-08-21T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-05T22:02:40.536934Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.41_SP18_S1",
                "product": {
                  "name": "Vanderbilt Industries CCMW3025: \u003c1.41_SP18_S1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CCMW3025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.41_SP18_S1",
                "product": {
                  "name": "Vanderbilt Industries CVMW3025-IR: \u003c1.41_SP18_S1",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CVMW3025-IR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.41_SP18_S1",
                "product": {
                  "name": "Vanderbilt Industries CFMW3025: \u003c1.41_SP18_S1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CFMW3025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c0.1.73_S1",
                "product": {
                  "name": "Vanderbilt Industries CCPW3025: \u003c0.1.73_S1",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CCPW3025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c0.1.73_S1",
                "product": {
                  "name": "Vanderbilt Industries CCPW5025: \u003c0.1.73_S1",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "CCPW5025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv1.394_S1",
                "product": {
                  "name": "Vanderbilt Industries CCMD3025-DN18: \u003cv1.394_S1",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CCMD3025-DN18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCID1445-DN18: \u003cv2635",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "CCID1445-DN18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCID1445-DN28: \u003cv2635",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "CCID1445-DN28"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCID1445-DN36: \u003cv2635",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "CCID1445-DN36"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CFIS1425: \u003cv2635",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "CFIS1425"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCIS1425: \u003cv2635",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "CCIS1425"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CFMS2025: \u003cv2635",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "CFMS2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCMS2025: \u003cv2635",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "CCMS2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CVMS2025-IR: \u003cv2635",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "CVMS2025-IR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CFMW1025: \u003cv2635",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "CFMW1025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2635",
                "product": {
                  "name": "Vanderbilt Industries CCMW1025: \u003cv2635",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "CCMW1025"
          }
        ],
        "category": "vendor",
        "name": "Vanderbilt Industries"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9155",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Vanderbilt has released updates to mitigate this vulnerability. For links to the new versions for each of the affected models, please see Siemens Security Advisory SSA-284765 at the following location: (http://www.siemens.com/cert/advisories)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        },
        {
          "category": "mitigation",
          "details": "Siemens recommends that users operate the devices within trusted networks and protect network access to the devices with appropriate mechanisms. Siemens also recommends enabling authentication on the web server.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2016-9155

Vulnerability from fkie_nvd - Published: 2016-11-22 11:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/94392	Third Party Advisory, VDB Entry
productcert@siemens.com	https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01	Mitigation, Third Party Advisory, US Government Resource, VDB Entry
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94392	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01	Mitigation, Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	ccid1445-dn18_firmware	-
siemens	ccid1445-dn28_firmware	-
siemens	ccid1445-dn36_firmware	-
siemens	ccis1425_firmware	-
siemens	ccmd3025-dn18_firmware	-
siemens	ccms2025_firmware	-
siemens	ccmw1025_firmware	-
siemens	ccmw3025_firmware	-
siemens	ccpw3025_firmware	-
siemens	cfis1425_firmware	-
siemens	cfms2025_firmware	-
siemens	cfmw1025_firmware	-
siemens	cfmw3025_firmware	-
siemens	cvms2025-ir_firmware	-
siemens	cvmw3025-ir_firmware	-
siemens	ccid1445-dn18	-
siemens	ccid1445-dn28	-
siemens	ccid1445-dn36	-
siemens	ccis1425	-
siemens	ccmd3025-dn18	-
siemens	ccms2025	-
siemens	ccmw1025	-
siemens	ccmw3025	-
siemens	ccpw3025	-
siemens	cfis1425	-
siemens	cfms2025	-
siemens	cfmw1025	-
siemens	cfmw3025	-
siemens	cvms2025-ir	-
siemens	cvmw3025-ir	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:ccid1445-dn18_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1F039AE-D526-4F43-9007-9C00E2C08880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccid1445-dn28_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EC5887-45C6-422E-8E57-D9331546254A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccid1445-dn36_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA09D0D1-9895-4BD8-A42A-80CBEFE6990C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccis1425_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6B2762A-0D97-46E0-9D21-56FEE35F1F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccmd3025-dn18_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46EA075-F169-4B14-8D60-0C93DA3C06AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccms2025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FD79F66-2F40-4E95-B4F9-8359D7FF93CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccmw1025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D39231DE-FFAD-4DA5-B4BD-3171909C129D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccmw3025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA99FEA-3A7A-44A3-BEDE-7E1157DFDCB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:ccpw3025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B386F53B-8E9B-43A8-9DD6-54664AC1C255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cfis1425_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C325746A-F539-4898-95DF-F8EFC6B8710A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cfms2025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDBAC23-33B7-432C-A47F-932927595CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cfmw1025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A5D60B9-0FF6-4494-BDBC-2E2EFD57062A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cfmw3025_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "215EE58B-4A87-4575-86B0-04591EF01BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cvms2025-ir_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FC5EB6-902C-47AD-B1BF-41F372724C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:cvmw3025-ir_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A3B0ED-CAE7-490B-B3B1-D514D9B4B9C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:ccid1445-dn18:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA97AA5-3B1F-484C-AAD8-3B8335A0A547",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccid1445-dn28:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8402FE84-6E6F-486D-B8FF-7C24FD5D7019",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccid1445-dn36:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87FD167-D791-4212-9508-53C93A2E3130",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccis1425:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BADA712-0889-45EF-A635-9591D5E21575",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccmd3025-dn18:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7D9909-BCDA-4E51-B043-B0433228EFAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccms2025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D180A778-773C-45B0-B3C2-4F99D9C717F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccmw1025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE30250-D0F6-420F-825E-7125F80D4F5E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccmw3025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "187F4405-E61D-4290-8989-DF3895DD6D4C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:ccpw3025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D56F30E-F04C-4B19-B6E6-035EC1C8BE10",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cfis1425:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C39C97F-C32E-4978-8DD7-BB4FAA1890F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cfms2025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13FE39BC-EEFD-4947-8013-A9435B02171E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cfmw1025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "162D8C69-BD7E-4669-8B0C-85DF4D3A2DAE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cfmw3025:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3752984B-8E03-4F37-88B7-34903B23D88E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cvms2025-ir:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF169F60-23B3-4D8E-9146-C2724791A862",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:siemens:cvmw3025-ir:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C548CBA4-A662-4EF9-A911-61371C92DD26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
    },
    {
      "lang": "es",
      "value": "Los siguientes IP de modelos de c\u00e1mara de marca SIEMENS CCMW3025, CVMW3025-IR, CFMW3025 anterior a la versi\u00f3n 1.41_SP18_S1; CCPW3025, CCPW5025 anterior a la versi\u00f3n 0.1.73_S1; CCMD3025-DN18 anterior a la versi\u00f3n v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 anterior a la versi\u00f3n v2635_SP1 podr\u00eda permitir a un atacante con acceso de red al servidor web obtener credenciales administrativas bajo ciertas circunstancias."
    }
  ],
  "id": "CVE-2016-9155",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-22T11:59:00.163",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94392"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-9155

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9155

Aliases

CVE-2016-9155

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9155",
    "description": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.",
    "id": "GSD-2016-9155"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9155"
      ],
      "details": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.",
      "id": "GSD-2016-9155",
      "modified": "2023-12-13T01:21:21.642624Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2016-9155",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SIEMENS-branded IP Cameras",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SIEMENS-branded IP Cameras"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "incorrect access control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
          },
          {
            "name": "94392",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94392"
          },
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmw1025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cvms2025-ir_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn36_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn18_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccms2025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfms2025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccis1425_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfis1425_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccpw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfmw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cvmw3025-ir_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfmw1025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn28_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmd3025-dn18_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmw1025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cvms2025-ir:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn18:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccpw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfms2025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccis1425:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfis1425:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn36:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfmw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cvmw3025-ir:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfmw1025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccms2025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn28:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmd3025-dn18:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2016-9155"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
            },
            {
              "name": "94392",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94392"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-23T04:14Z",
      "publishedDate": "2016-11-22T11:59Z"
    }
  }
}

VAR-201611-0334

Vulnerability from variot - Updated: 2023-12-18 12:29

The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. CCMW3025, CVMW3025-IR, CFMW3025, CCPW3025, etc. are IP camera products of SIEMENS. An information disclosure vulnerability exists in SIEMENS-brandedIP-basedCCTVcameras. Multiple Siemens IP CCTV Cameras are prone to an information disclosure vulnerability. Successful exploits may lead to other attacks. The following device models and versions are affected: CCMW3025 prior to 1.41_SP18_S1, CVMW3025-IR prior to 1.41_SP18_S1, CFMW3025 prior to 1.41_SP18_S1, CCPW3025 prior to 0.1.73_S1, CCPW5025 prior to 0.1.73_S1, CCMD18025-DN18025 Versions prior to v1.394_S1, CCID1445-DN18 prior to v2635, CCID1445-DN28 prior to v2635, CCID1445-DN36 prior to v2635, CFIS1425 prior to v2635, CCIS1425 prior to v2635, CFMS2025 prior to v2635, CCMS2025 Versions prior to v2635, versions prior to CVMS2025-IR v2635, versions prior to CFMW1025 v2635, versions prior to CCMW1025 2635

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0334",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cfmw3025",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn28",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw3025",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvmw3025-ir",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn18",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccis1425",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfis1425",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmd3025-dn18",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw3025",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn36",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn18",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccid1445-dn28",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccid1445-dn36",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfis1425",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccis1425",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfms2025",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccms2025",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cvms2025-ir",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfmw1025",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccmw1025",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cvms2025-ir",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccms2025",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfms2025",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw1025",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw1025",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn18",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn28",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccid1445-dn36",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccis1425",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmd3025-dn18",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmd3025-dn18",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.394_s1"
      },
      {
        "model": "ccms2025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw1025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw3025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw3025",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.41_sp18_s1"
      },
      {
        "model": "ccpw3025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw3025",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "0.1.73_s1"
      },
      {
        "model": "ccpw5025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw5025",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "0.1.73_s1"
      },
      {
        "model": "cfis1425",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfms2025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw1025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw3025",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw3025",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.41_sp18_s1"
      },
      {
        "model": "cvms2025-ir",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvmw3025-ir",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvmw3025-ir",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.41_sp18_s1"
      },
      {
        "model": "ccmw3025 \u003c1.41 sp18 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvmw3025-ir \u003c1.41 sp18 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw3025 \u003c1.41 sp18 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw3025 \u003c0.1.73 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw5025 \u003c0.1.73 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmd3025-dn18 \u003c1.394 s1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvmw3025-ir",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cvms2025-ir",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cfmw3025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cfmw1025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cfms2025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cfis1425",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccpw5025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccpw3025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccmw3025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccmw1025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccms2025",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccmd3025-dn18",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccis1425",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccid1445-dn36",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccid1445-dn28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ccid1445-dn18",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "cvmw3025-ir 1.41 sp18 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cvms2025-ir",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfmw3025 1.41 sp18 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cfmw1025",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfms2025",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "cfis1425",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccpw5025 0.1.73 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccpw3025 0.1.73 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw3025 1.41 sp18 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccmw1025",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccms2025",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccmd3025-dn18 1.394 s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ccis1425",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccid1445-dn36",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccid1445-dn28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      },
      {
        "model": "ccid1445-dn18",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2635"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "BID",
        "id": "94392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmw1025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cvms2025-ir_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn36_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn18_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccms2025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfms2025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccis1425_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfis1425_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccpw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfmw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cvmw3025-ir_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmw3025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cfmw1025_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccid1445-dn28_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ccmd3025-dn18_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmw1025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cvms2025-ir:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn18:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccpw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfms2025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccis1425:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfis1425:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn36:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfmw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cvmw3025-ir:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmw3025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cfmw1025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccms2025:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccid1445-dn28:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ccmd3025-dn18:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "94392"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9155",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-9155",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-11370",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-97975",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-9155",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9155",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11370",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-433",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97975",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. CCMW3025, CVMW3025-IR, CFMW3025, CCPW3025, etc. are IP camera products of SIEMENS. An information disclosure vulnerability exists in SIEMENS-brandedIP-basedCCTVcameras. Multiple Siemens IP CCTV Cameras are prone to an information disclosure vulnerability. Successful exploits may lead to other attacks. The following device models and versions are affected: CCMW3025 prior to 1.41_SP18_S1, CVMW3025-IR prior to 1.41_SP18_S1, CFMW3025 prior to 1.41_SP18_S1, CCPW3025 prior to 0.1.73_S1, CCPW5025 prior to 0.1.73_S1, CCMD18025-DN18025 Versions prior to v1.394_S1, CCID1445-DN18 prior to v2635, CCID1445-DN28 prior to v2635, CCID1445-DN36 prior to v2635, CFIS1425 prior to v2635, CCIS1425 prior to v2635, CFMS2025 prior to v2635, CCMS2025 Versions prior to v2635, versions prior to CVMS2025-IR v2635, versions prior to CFMW1025 v2635, versions prior to CCMW1025 2635",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "BID",
        "id": "94392"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9155",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94392",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-284765",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-322-01",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "db": "BID",
        "id": "94392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "id": "VAR-201611-0334",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      }
    ],
    "trust": 1.3640625
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:29:53.735000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-284765",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
      },
      {
        "title": "SIEMENS-brandedIP-based CCTVcameras patch for information disclosure vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/84081"
      },
      {
        "title": "Multiple Vanderbilt Industries Siemens IP CCTV Cameras Repair measures for device information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65774"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94392"
      },
      {
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9155"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9155"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "db": "BID",
        "id": "94392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "db": "BID",
        "id": "94392"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "date": "2016-11-17T00:00:00",
        "db": "BID",
        "id": "94392"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "date": "2016-11-22T11:59:00.163000",
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11370"
      },
      {
        "date": "2016-12-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97975"
      },
      {
        "date": "2016-11-24T01:11:00",
        "db": "BID",
        "id": "94392"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      },
      {
        "date": "2016-12-23T04:14:57.760000",
        "db": "NVD",
        "id": "CVE-2016-9155"
      },
      {
        "date": "2016-11-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  SIEMENS Brand  IP Vulnerability to obtain administrator credentials in camera products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005924"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-433"
      }
    ],
    "trust": 0.6
  }
}

GHSA-862X-M8F9-PHHG

Vulnerability from github – Published: 2022-05-17 03:17 – Updated: 2022-05-17 03:17

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-22T11:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, CFMW3025 prior to version 1.41_SP18_S1; CCPW3025, CCPW5025 prior to version 0.1.73_S1; CCMD3025-DN18 prior to version v1.394_S1; CCID1445-DN18, CCID1445-DN28, CCID1145-DN36, CFIS1425, CCIS1425, CFMS2025, CCMS2025, CVMS2025-IR, CFMW1025, CCMW1025 prior to version v2635_SP1 could allow an attacker with network access to the web server to obtain administrative credentials under certain circumstances.",
  "id": "GHSA-862x-m8f9-phhg",
  "modified": "2022-05-17T03:17:55Z",
  "published": "2022-05-17T03:17:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9155"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284765.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9155 (GCVE-0-2016-9155)

Solution

Solution

Tags

Sightings

Nomenclature