VAR-201505-0070
Vulnerability from variot - Updated: 2023-12-18 13:09SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. An authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ams device manager",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "lt",
"trust": 0.8,
"vendor": "emerson",
"version": "13"
},
{
"model": "ams device manager",
"scope": "lte",
"trust": 0.6,
"vendor": "emerson",
"version": "\u003c=12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.4"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.2"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.1"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ams device manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:ams_device_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Process Management",
"sources": [
{
"db": "BID",
"id": "74774"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-1008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-03472",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1008",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. \nAn authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1008",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-111-01",
"trust": 3.3
},
{
"db": "BID",
"id": "74774",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810",
"trust": 0.8
},
{
"db": "IVD",
"id": "8EAADD14-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"id": "VAR-201505-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
],
"trust": 1.21025642
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
]
},
"last_update_date": "2023-12-18T13:09:11.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSN15003-2 AMS Device Manager SQL Injection Vulnerability",
"trust": 0.8,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"title": "Emerson AMS Device Manager patch for local SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/59067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-111-01"
},
{
"trust": 1.6,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/74774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1008"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/amssuite/amsdevicemanager/pages/amsdevicemanager.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2015-05-26T01:59:00.180000",
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"date": "2015-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2016-04-06T12:47:24.647000",
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…