VAR-201308-0171
Vulnerability from variot - Updated: 2023-12-18 13:03The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. SIXNET is a long-established manufacturer of industrial automation and industrial Ethernet products. Since 1976, it has provided high quality control systems and industrial network communication products to users all over the world. The Sixnet Universal Protocol has a remote security bypass vulnerability. Both Sixnet UDR and RTU are products of SIXNET in the United States. UDR is a generic driver used in OPC servers. RTU is a data acquisition system suitable for energy metering and environmental monitoring. A security vulnerability exists in common protocol functions in versions prior to Sixnet UDR 2.0 and RTU firmware prior to 4.8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "udr",
"scope": "lt",
"trust": 1.4,
"vendor": "sixnet",
"version": "2.0"
},
{
"model": "rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "sixnet",
"version": "4.7"
},
{
"model": "udr",
"scope": "lte",
"trust": 1.0,
"vendor": "sixnet",
"version": "1.9"
},
{
"model": "industrial rtu",
"scope": "lt",
"trust": 0.8,
"vendor": "sixnet",
"version": "4.8"
},
{
"model": "rtu",
"scope": "lt",
"trust": 0.6,
"vendor": "sixnet",
"version": "4.8"
},
{
"model": "rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "sixnet",
"version": "4.7"
},
{
"model": "udr",
"scope": "eq",
"trust": 0.6,
"vendor": "sixnet",
"version": "1.9"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "udr",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rtu",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sixnet:rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sixnet:udr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mehdi Sabraoui",
"sources": [
{
"db": "BID",
"id": "61837"
}
],
"trust": 0.3
},
"cve": "CVE-2013-2802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-2802",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-12528",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "be59298e-2352-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-62804",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2802",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-12528",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-328",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-62804",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. SIXNET is a long-established manufacturer of industrial automation and industrial Ethernet products. Since 1976, it has provided high quality control systems and industrial network communication products to users all over the world. The Sixnet Universal Protocol has a remote security bypass vulnerability. Both Sixnet UDR and RTU are products of SIXNET in the United States. UDR is a generic driver used in OPC servers. RTU is a data acquisition system suitable for energy metering and environmental monitoring. A security vulnerability exists in common protocol functions in versions prior to Sixnet UDR 2.0 and RTU firmware prior to 4.8",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-62804"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2802",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-231-01",
"trust": 3.1
},
{
"db": "BID",
"id": "61837",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2013-12528",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840",
"trust": 0.8
},
{
"db": "IVD",
"id": "BE59298E-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-62804",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"id": "VAR-201308-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
}
],
"trust": 1.54583335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
}
]
},
"last_update_date": "2023-12-18T13:03:44.559000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sixnet.com/index.cfm"
},
{
"title": "Sixnet Universal Protocol Undocumented function code remote security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/39096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-231-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2802"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"db": "VULHUB",
"id": "VHN-62804"
},
{
"db": "BID",
"id": "61837"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-23T00:00:00",
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"date": "2013-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-62804"
},
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61837"
},
{
"date": "2013-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"date": "2013-08-21T21:55:06.040000",
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"date": "2013-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12528"
},
{
"date": "2013-08-23T00:00:00",
"db": "VULHUB",
"id": "VHN-62804"
},
{
"date": "2013-08-19T00:00:00",
"db": "BID",
"id": "61837"
},
{
"date": "2013-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003840"
},
{
"date": "2013-08-23T20:28:06.597000",
"db": "NVD",
"id": "CVE-2013-2802"
},
{
"date": "2013-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sixnet Universal Protocol Undocumented Function code remote security bypass vulnerability",
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-12528"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "be59298e-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-328"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…