VAR-201510-0100
Vulnerability from variot - Updated: 2023-12-18 12:30Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. Infinite Automation Mango Automation is an open source web-based SCADA (data acquisition and monitoring control), HMI and automation software from Infinite Automation Systems, USA. An arbitrary-file-upload vulnerability 2. Multiple information-disclosure vulnerabilities 3. A command-execution vulnerability 4. An SQL-injection vulnerability 5. A cross-site request forgery vulnerability 6. A cross-site scripting vulnerability Attackers may leverage these issues to steal cookie-based authentication credentials, execute arbitrary script code in the browser, perform unauthorized actions, gain unauthorized access, obtain sensitive information, compromise the application, access or modify data and to execute arbitrary commands in the context of the vulnerable application; other attacks are also possible. It is easy, affordable, and open source.The application is prone to a reflected cross-sitescripting vulnerability due to a failure to properlysanitize user-supplied input to the 'username' POSTparameter in the 'login.htm' script. Mango Automation is a flexible SCADA, HMIAnd Automation software application that allows youto view, log, graph, animate, alarm, and report ondata from sensors, equipment, PLCs, databases, webpages,etc. It is easy, affordable, and open source.The weakness is caused due to the 'login.htm' scriptand how it verifies provided credentials. Attacker canuse this weakness to enumerate valid users on the affectednode.Tested on: Microsoft Windows 7 Professional SP1 (EN) 32/64bitMicrosoft Windows 7 Ultimate SP1 (EN) 32/64bitJetty(9.2.2.v20140723)Java(TM) SE Runtime Environment (build 1.8.0_51-b16)Java HotSpot(TM) Client VM (build 25.51-b03, mixed mode)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201510-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mango automation",
"scope": "eq",
"trust": 2.2,
"vendor": "infinite automation",
"version": "2.5.5"
},
{
"model": "mango automation",
"scope": "eq",
"trust": 2.2,
"vendor": "infinite automation",
"version": "2.6.0"
},
{
"model": "mango automation",
"scope": "eq",
"trust": 1.6,
"vendor": "infinite automation",
"version": "2.5.0"
},
{
"model": "mango automation",
"scope": "eq",
"trust": 0.8,
"vendor": "infinite automation",
"version": "2.5.x"
},
{
"model": "mango automation",
"scope": "lt",
"trust": 0.8,
"vendor": "infinite automation",
"version": "2.6.x"
},
{
"model": "mango automation",
"scope": "eq",
"trust": 0.8,
"vendor": "infinite automation",
"version": "2.6.0 build 430"
},
{
"model": "mango automation",
"scope": "eq",
"trust": 0.5,
"vendor": "infinite automation",
"version": "2.5.2 and 2.6.0 beta (build 327)"
},
{
"model": "automation systems mango automation",
"scope": "eq",
"trust": 0.3,
"vendor": "infinite",
"version": "2.6.0"
},
{
"model": "automation systems mango automation",
"scope": "eq",
"trust": 0.3,
"vendor": "infinite",
"version": "2.5.0"
},
{
"model": "automation systems mango automation build",
"scope": "ne",
"trust": 0.3,
"vendor": "infinite",
"version": "2.6.0430"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mango automation",
"version": "2.5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mango automation",
"version": "2.5.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mango automation",
"version": "2.6.0"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "BID",
"id": "77331"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infinite_automation_systems:mango_automation:2.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infinite_automation_systems:mango_automation:2.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7902"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
}
],
"trust": 0.5
},
"cve": "CVE-2015-7902",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7902",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07171",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7902",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-07171",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201510-682",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "ZSL",
"id": "ZSL-2015-5261",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2015-5259",
"trust": 0.1,
"value": "(4/5)"
},
{
"author": "ZSL",
"id": "ZSL-2015-5258",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "ZSL",
"id": "ZSL-2015-5257",
"trust": 0.1,
"value": "(3/5)"
},
{
"author": "ZSL",
"id": "ZSL-2015-5256",
"trust": 0.1,
"value": "(1/5)"
},
{
"author": "VULMON",
"id": "CVE-2015-7902",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. Infinite Automation Mango Automation is an open source web-based SCADA (data acquisition and monitoring control), HMI and automation software from Infinite Automation Systems, USA. An arbitrary-file-upload vulnerability\n2. Multiple information-disclosure vulnerabilities\n3. A command-execution vulnerability\n4. An SQL-injection vulnerability\n5. A cross-site request forgery vulnerability\n6. A cross-site scripting vulnerability\nAttackers may leverage these issues to steal cookie-based authentication credentials, execute arbitrary script code in the browser, perform unauthorized actions, gain unauthorized access, obtain sensitive information, compromise the application, access or modify data and to execute arbitrary commands in the context of the vulnerable application; other attacks are also possible. It is easy, affordable, and open source.The application is prone to a reflected cross-sitescripting vulnerability due to a failure to properlysanitize user-supplied input to the \u0027username\u0027 POSTparameter in the \u0027login.htm\u0027 script. Mango Automation is a flexible SCADA, HMIAnd Automation software application that allows youto view, log, graph, animate, alarm, and report ondata from sensors, equipment, PLCs, databases, webpages,etc. It is easy, affordable, and open source.The weakness is caused due to the \u0027login.htm\u0027 scriptand how it verifies provided credentials. Attacker canuse this weakness to enumerate valid users on the affectednode.Tested on: Microsoft Windows 7 Professional SP1 (EN) 32/64bitMicrosoft Windows 7 Ultimate SP1 (EN) 32/64bitJetty(9.2.2.v20140723)Java(TM) SE Runtime Environment (build 1.8.0_51-b16)Java HotSpot(TM) Client VM (build 25.51-b03, mixed mode)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "BID",
"id": "77331"
},
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/mango_cmdexec.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/mango_sql.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/mango_csrf.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/mango_xss.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://www.zeroscience.mk/codes/mango_userenum.txt",
"trust": 0.1,
"type": "poc"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38338",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7902",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-02",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2015-07171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "38338",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-300-02A",
"trust": 0.6
},
{
"db": "BID",
"id": "77331",
"trust": 0.5
},
{
"db": "AUSCERT",
"id": "ESB-2015.2713",
"trust": 0.2
},
{
"db": "IVD",
"id": "6D568EC4-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "NVD",
"id": "CVE-2015-7901",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133734",
"trust": 0.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005640",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2015-5261",
"trust": 0.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005642",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2015-7903",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133732",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2015-5259",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133731",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2015-6493",
"trust": 0.1
},
{
"db": "NSFOCUS",
"id": "31400",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2015-5258",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2015090186",
"trust": 0.1
},
{
"db": "NVD",
"id": "CVE-2015-6494",
"trust": 0.1
},
{
"db": "NSFOCUS",
"id": "31399",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133727",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2015-5257",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2015090185",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133726",
"trust": 0.1
},
{
"db": "ZSL",
"id": "ZSL-2015-5256",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7902",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"db": "BID",
"id": "77331"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"id": "VAR-201510-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
}
],
"trust": 1.4025641000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
}
]
},
"last_update_date": "2023-12-18T12:30:13.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mango Automation Core with All Features Download",
"trust": 0.8,
"url": "http://infiniteautomation.com/index.php/download"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://infiniteautomation.com/index.php/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-02"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7902"
},
{
"trust": 0.9,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7902"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/38338/"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-300-02a"
},
{
"trust": 0.5,
"url": "http://infiniteautomation.com/forum/topic/1995/mango-security-testing"
},
{
"trust": 0.5,
"url": "http://infiniteautomation.com/index.php/what-s-new/entry/what-s-new-in-mango-automation-2-6-0-released-october-20th-2016"
},
{
"trust": 0.5,
"url": "http://infiniteautomation.com/forum/topic/1997/mango-automation-2-6-released"
},
{
"trust": 0.3,
"url": "http://infiniteautomation.com/"
},
{
"trust": 0.2,
"url": "https://www.auscert.org.au/render.html?it=27342"
},
{
"trust": 0.2,
"url": "http://www.securityfocus.com/bid/77331"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/133734"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106864"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7901"
},
{
"trust": 0.1,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7901"
},
{
"trust": 0.1,
"url": "http://jvndb.jvn.jp/ja/contents/2015/jvndb-2015-005640.html"
},
{
"trust": 0.1,
"url": "http://www.securityweek.com/infinite-automation-patches-flaws-scadahmi-product"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/133732"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106862"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7903"
},
{
"trust": 0.1,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7903"
},
{
"trust": 0.1,
"url": "http://www.cvedetails.com/vendor/15200/infinite-automation-systems.html"
},
{
"trust": 0.1,
"url": "http://jvndb.jvn.jp/ja/contents/2015/jvndb-2015-005642.html"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/133731"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106858"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6493"
},
{
"trust": 0.1,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6493"
},
{
"trust": 0.1,
"url": "http://www.nsfocus.net/vulndb/31400"
},
{
"trust": 0.1,
"url": "http://chemical-facility-security-news.blogspot.com/2015/10/ics-cert-publishes-three-advisories.html"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/133727"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2015090186"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106786"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6494"
},
{
"trust": 0.1,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6494"
},
{
"trust": 0.1,
"url": "http://www.nsfocus.net/vulndb/31399"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/133726"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2015090185"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106937"
},
{
"trust": 0.1,
"url": "http://www.cnnvd.org.cn/vulnerability/show/cv_id/2015100682"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"db": "BID",
"id": "77331"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"db": "BID",
"id": "77331"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"date": "2015-09-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"date": "2015-09-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"date": "2015-09-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"date": "2015-09-26T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"date": "2015-11-02T00:00:00",
"db": "IVD",
"id": "6d568ec4-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77331"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"date": "2015-10-28T10:59:22.580000",
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-04T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5261"
},
{
"date": "2015-10-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5259"
},
{
"date": "2015-10-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5258"
},
{
"date": "2015-10-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5257"
},
{
"date": "2015-10-29T00:00:00",
"db": "ZSL",
"id": "ZSL-2015-5256"
},
{
"date": "2015-11-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07171"
},
{
"date": "2015-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7902"
},
{
"date": "2015-10-27T00:00:00",
"db": "BID",
"id": "77331"
},
{
"date": "2015-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-005641"
},
{
"date": "2015-10-28T18:33:53.923000",
"db": "NVD",
"id": "CVE-2015-7902"
},
{
"date": "2015-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infinite Automation Mango Automation Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-005641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201510-682"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…