VAR-201511-0019
Vulnerability from variot - Updated: 2023-12-18 13:19ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. This vulnerability allows attackers to elevate privileges on vulnerable installations of Tibbo AggreGate SCADA/HMI. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Tibbo Technology AggreGate is a set of IoT platforms that Tibbo Technology uses to configure and monitor different electronic devices through network technology. AggreGate Platform is prone to multiple arbitrary file-upload vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201511-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aggregate",
"scope": "lte",
"trust": 1.0,
"vendor": "tibbo",
"version": "5.21.02"
},
{
"model": "aggregate",
"scope": "lt",
"trust": 0.8,
"vendor": "tibbo",
"version": "(scada/hmi) 5.30.06"
},
{
"model": "aggregate scada/hmi",
"scope": null,
"trust": 0.7,
"vendor": "tibbo",
"version": null
},
{
"model": "technology aggregate platform",
"scope": "lt",
"trust": 0.6,
"vendor": "tibbo",
"version": "5.30.06"
},
{
"model": "aggregate",
"scope": "eq",
"trust": 0.6,
"vendor": "tibbo",
"version": "5.21.02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tibbo:aggregate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.21.02",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7913"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
}
],
"trust": 0.7
},
"cve": "CVE-2015-7913",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-7913",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-07767",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7913",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-7913",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-07767",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-387",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. Supplementary information : CWE Vulnerability type by CWE-434: Unrestricted Upload of File with Dangerous Type ( Unlimited upload of dangerous types of files ) Has been identified. This vulnerability allows attackers to elevate privileges on vulnerable installations of Tibbo AggreGate SCADA/HMI. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Tibbo Technology AggreGate is a set of IoT platforms that Tibbo Technology uses to configure and monitor different electronic devices through network technology. AggreGate Platform is prone to multiple arbitrary file-upload vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
},
{
"db": "BID",
"id": "77658"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7913",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-323-01",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-572",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3135",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07767",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387",
"trust": 0.6
},
{
"db": "BID",
"id": "77658",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "BID",
"id": "77658"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"id": "VAR-201511-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07767"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07767"
}
]
},
"last_update_date": "2023-12-18T13:19:47.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AggreGate",
"trust": 0.8,
"url": "http://aggregate.tibbo.com/"
},
{
"title": "Tibbo has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-323-01"
},
{
"title": "Patch for Tibbo Technology AggreGate Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/67105"
},
{
"title": "Tibbo Technology AggreGate Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58836"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-323-01"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-572/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7913"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7913"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"db": "BID",
"id": "77658"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"date": "2015-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"date": "2015-11-19T00:00:00",
"db": "BID",
"id": "77658"
},
{
"date": "2015-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"date": "2015-11-21T11:59:25.923000",
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "ZDI",
"id": "ZDI-15-572"
},
{
"date": "2015-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07767"
},
{
"date": "2015-12-07T22:25:00",
"db": "BID",
"id": "77658"
},
{
"date": "2015-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006004"
},
{
"date": "2015-11-23T15:36:25.857000",
"db": "NVD",
"id": "CVE-2015-7913"
},
{
"date": "2015-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tibbo AggreGate of AggreGate Server Service of ag_server_service.exe In any Java Code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "77658"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…