VAR-201306-0125
Vulnerability from variot - Updated: 2024-04-19 22:51The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session. Multiple Vendors EAS Devices are prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dasdec eas",
"scope": "eq",
"trust": 1.0,
"vendor": "digital alert",
"version": "2.0-0"
},
{
"model": "dasdec eas",
"scope": "lte",
"trust": 1.0,
"vendor": "digital alert",
"version": "2.0-1"
},
{
"model": "r189 one-net eas",
"scope": "eq",
"trust": 1.0,
"vendor": "monroe",
"version": "2.0-0"
},
{
"model": "r189 one-net eas",
"scope": "lte",
"trust": 1.0,
"vendor": "monroe",
"version": "2.0-1"
},
{
"model": "dasdec",
"scope": "lt",
"trust": 0.8,
"vendor": "digital alert",
"version": "eas 2.0-2"
},
{
"model": "r189 one-net",
"scope": "lt",
"trust": 0.8,
"vendor": "monroe",
"version": "eas 2.0-2"
},
{
"model": "electronics one-net e189 emergency alert system devices",
"scope": null,
"trust": 0.6,
"vendor": "monroe",
"version": null
},
{
"model": "alert systems dasdec",
"scope": null,
"trust": 0.6,
"vendor": "digital",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:digital_alert_systems:dasdec_eas:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0-1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:monroe_electronics:r189_one-net_eas:2.0-0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:monroe_electronics:r189_one-net_eas:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0-1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:digital_alert_systems:dasdec_eas:2.0-0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mike Davis and Cesar Cerrudo of IOActive",
"sources": [
{
"db": "BID",
"id": "60810"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-0137",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-08540",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0137",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-08540",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-516",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 contains a known SSH private key, which makes it easier for remote attackers to obtain root access, and spoof alerts, via an SSH session. Multiple Vendors EAS Devices are prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0137"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "BID",
"id": "60810"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0137",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#662676",
"trust": 3.0
},
{
"db": "BID",
"id": "60810",
"trust": 0.9
},
{
"db": "USCERT",
"id": "TA13-175A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99235742",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-08540",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "BID",
"id": "60810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"id": "VAR-201306-0125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
}
]
},
"last_update_date": "2024-04-19T22:51:28.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Monroe Electronics Provides New Software Update Enhancing Security and Functionality",
"trust": 0.8,
"url": "http://www.digitalalertsystems.com/pdf/130604-monroe-security-pr.pdf"
},
{
"title": "Monroe Electronics Provides New Software Update Enhancing Security and Functionality",
"trust": 0.8,
"url": "http://www.monroe-electronics.com/monroe_electronics_pdf/130604-monroe-security-pr.pdf"
},
{
"title": "TA13-175A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta13-175a.html"
},
{
"title": "Patch of SSH private key information disclosure vulnerability of multiple EAS devices from multiple vendors",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34903"
},
{
"title": "Digital Alert Systems DASDEC EAS Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=170990"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/662676"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/aamn-98muk2"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/aamn-98mu7h"
},
{
"trust": 1.6,
"url": "http://www.monroe-electronics.com/monroe_electronics_pdf/130604-monroe-security-pr.pdf"
},
{
"trust": 1.6,
"url": "http://www.digitalalertsystems.com/pdf/130604-monroe-security-pr.pdf"
},
{
"trust": 1.0,
"url": "https://securityledger.com/2020/01/seven-years-later-scores-of-eas-systems-sit-un-patched-vulnerable/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0137"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99235742"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0137"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/ncas/alerts/ta13-175a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"db": "BID",
"id": "60810"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60810"
},
{
"date": "2013-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"date": "2013-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"date": "2013-06-30T19:28:09.593000",
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-08540"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60810"
},
{
"date": "2013-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003170"
},
{
"date": "2021-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-516"
},
{
"date": "2020-01-29T18:15:11.560000",
"db": "NVD",
"id": "CVE-2013-0137"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Digital Alert Systems DASDEC EAS and Monroe Electronics R189 One-Net EAS In root Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-516"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…