var-201305-0387
Vulnerability from variot

The "SetItemReadOnly()" method of the Siemens Solid Edge SEListCtrlX ActiveX control contains an error: an attacker who builds a malicious web page and convinces a user to open it can write certain values to an arbitrary memory address, which can crash the application or lead to arbitrary code execution. Siemens Solid Edge is a 3D CAD parametric feature solid modeling software from Siemens (Germany). It provides modeling, assembly design, sketching, simulation, and additional application tools. A memory corruption vulnerability exists in the Siemens Solid Edge SEListCtrlX ActiveX control, caused by the program not performing sufficient boundary checks on user-submitted data. An attacker could use this vulnerability to execute arbitrary code in the context of the application that hosts the ActiveX control (typically the IE browser), or to cause a denial of service. Failed exploit attempts will likely result in denial-of-service conditions. Note that this record merges two source advisories (BID 60158 and BID 60161): its title names the WebPartHelper ActiveX control while this description covers SEListCtrlX, and both controls appear in the affected-products list, so check both when assessing exposure.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201305-0387",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "selistctrlx activex control",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "105.x"
      },
      {
        "model": "webparthelper activex control",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "siemens",
        "version": "105.x"
      },
      {
        "model": "solid edge st5",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "siemens",
        "version": "105.x"
      },
      {
        "model": "webparthelper activex control",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "siemens",
        "version": "105.x*"
      },
      {
        "model": "solid edge st5",
        "scope": "eq",
        "trust": 0.4,
        "vendor": "siemens",
        "version": "105.x*"
      },
      {
        "model": "solid edge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "db": "BID",
        "id": "60158"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "rgod",
    "sources": [
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ],
    "trust": 1.8
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-06292",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-06291",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "013fbb94-1f22-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-06292",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-06291",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "013fbb94-1f22-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Siemens Solid Edge SEListCtrlX ActiveX control \\\"SetItemReadOnly()\\\" method has an error that allows an attacker to build a malicious WEB page, convincing the user to parse, and can write certain values to any memory address, causing the application to crash or execute arbitrary code. Siemens Solid Edge is a 3D CAD parametric feature solid modeling software from Siemens (Germany). Provides modeling, assembly design, sketching, simulation, and additional application tools. \nA memory corruption vulnerability exists in the Siemens Solid Edge SEListCtrlX ActiveX control, which is caused by the program not performing sufficient boundary checks on user-submitted data. An attacker could use this vulnerability to execute arbitrary code in the context of an application (typically IE browser) using ActiveX controls, or it could cause a denial of service. Failed exploit attempts will likely result in denial-of-service conditions",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      },
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      },
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "60158",
        "trust": 1.5
      },
      {
        "db": "BID",
        "id": "60161",
        "trust": 1.5
      },
      {
        "db": "SECUNIA",
        "id": "53595",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "013FBB94-1F22-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "02F1F84E-1F22-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ]
  },
  "id": "VAR-201305-0387",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      }
    ],
    "trust": 2.3978205125
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.6
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:48:04.993000Z",
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "http://www.secunia.com/advisories/53595/"
      },
      {
        "trust": 0.6,
        "url": "http://retrogod.altervista.org/9sg_siemens_adv_i.htm"
      },
      {
        "trust": 0.6,
        "url": "http://retrogod.altervista.org/9sg_siemens_adv_ii.htm"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60158"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/60161"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.plm.automation.siemens.com/en_us/products/velocity/solidedge/"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-29T00:00:00",
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-05-29T00:00:00",
        "db": "IVD",
        "id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-05-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "date": "2013-05-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "date": "2013-05-26T00:00:00",
        "db": "BID",
        "id": "60158"
      },
      {
        "date": "2013-05-26T00:00:00",
        "db": "BID",
        "id": "60161"
      },
      {
        "date": "2013-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "date": "2013-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-06-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "date": "2013-06-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-06291"
      },
      {
        "date": "2013-05-26T00:00:00",
        "db": "BID",
        "id": "60158"
      },
      {
        "date": "2013-10-04T00:14:00",
        "db": "BID",
        "id": "60161"
      },
      {
        "date": "2013-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "date": "2013-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-586"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens Solid Edge WebPartHelper ActiveX Remote code execution vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-06292"
      },
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-588"
      }
    ],
    "trust": 1.7
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "60158"
      },
      {
        "db": "BID",
        "id": "60161"
      }
    ],
    "trust": 0.6
  }
}



Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.