VAR-201305-0387
Vulnerability from variot - Updated: 2022-05-17 01:48

The "SetItemReadOnly()" method of the Siemens Solid Edge SEListCtrlX ActiveX control contains an error: an attacker can build a malicious web page and, by convincing a user to load it, write certain values to any memory address, causing the application to crash or execute arbitrary code. Siemens Solid Edge is a 3D CAD parametric feature solid modeling software from Siemens (Germany). It provides modeling, assembly design, sketching, simulation, and additional application tools. A memory corruption vulnerability exists in the Siemens Solid Edge SEListCtrlX ActiveX control, which is caused by the program not performing sufficient boundary checks on user-submitted data. An attacker could use this vulnerability to execute arbitrary code in the context of an application (typically IE browser) using ActiveX controls, or it could cause a denial of service. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0387",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "selistctrlx activex control",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "105.x"
},
{
"model": "webparthelper activex control",
"scope": "eq",
"trust": 1.2,
"vendor": "siemens",
"version": "105.x"
},
{
"model": "solid edge st5",
"scope": "eq",
"trust": 1.2,
"vendor": "siemens",
"version": "105.x"
},
{
"model": "webparthelper activex control",
"scope": "eq",
"trust": 0.4,
"vendor": "siemens",
"version": "105.x*"
},
{
"model": "solid edge st5",
"scope": "eq",
"trust": 0.4,
"vendor": "siemens",
"version": "105.x*"
},
{
"model": "solid edge",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"db": "BID",
"id": "60158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
],
"trust": 1.8
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-06292",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-06291",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-06292",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-06291",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Siemens Solid Edge SEListCtrlX ActiveX control \\\"SetItemReadOnly()\\\" method has an error that allows an attacker to build a malicious WEB page, convincing the user to parse, and can write certain values to any memory address, causing the application to crash or execute arbitrary code. Siemens Solid Edge is a 3D CAD parametric feature solid modeling software from Siemens (Germany). Provides modeling, assembly design, sketching, simulation, and additional application tools. \nA memory corruption vulnerability exists in the Siemens Solid Edge SEListCtrlX ActiveX control, which is caused by the program not performing sufficient boundary checks on user-submitted data. An attacker could use this vulnerability to execute arbitrary code in the context of an application (typically IE browser) using ActiveX controls, or it could cause a denial of service. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
},
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
},
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "60158",
"trust": 1.5
},
{
"db": "BID",
"id": "60161",
"trust": 1.5
},
{
"db": "SECUNIA",
"id": "53595",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2013-06292",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-06291",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586",
"trust": 0.6
},
{
"db": "IVD",
"id": "013FBB94-1F22-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "02F1F84E-1F22-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
]
},
"id": "VAR-201305-0387",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
}
],
"trust": 2.3978205125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
}
]
},
"last_update_date": "2022-05-17T01:48:04.993000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.secunia.com/advisories/53595/"
},
{
"trust": 0.6,
"url": "http://retrogod.altervista.org/9sg_siemens_adv_i.htm"
},
{
"trust": 0.6,
"url": "http://retrogod.altervista.org/9sg_siemens_adv_ii.htm"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60158"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60161"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.plm.automation.siemens.com/en_us/products/velocity/solidedge/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-29T00:00:00",
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-29T00:00:00",
"db": "IVD",
"id": "02f1f84e-1f22-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"date": "2013-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"date": "2013-05-26T00:00:00",
"db": "BID",
"id": "60158"
},
{
"date": "2013-05-26T00:00:00",
"db": "BID",
"id": "60161"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"date": "2013-06-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-06291"
},
{
"date": "2013-05-26T00:00:00",
"db": "BID",
"id": "60158"
},
{
"date": "2013-10-04T00:14:00",
"db": "BID",
"id": "60161"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-586"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Solid Edge WebPartHelper ActiveX Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "013fbb94-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-06292"
},
{
"db": "BID",
"id": "60158"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-588"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "60158"
},
{
"db": "BID",
"id": "60161"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.