VAR-201609-0334
Vulnerability from variot - Updated: 2023-12-18 13:57ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. ABB DataManagerPro Contains a privileged vulnerability. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB DataManagerPro is a suite of data analysis software from ABB, Switzerland. The software automatically collects data via Ethernet and database management. ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. ABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0334",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tracer sc",
"scope": "lte",
"trust": 1.0,
"vendor": "trane",
"version": "4.2.1134"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "1.7.0"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.9,
"vendor": "abb",
"version": "1.0.0"
},
{
"model": "datamanagerpro",
"scope": "lt",
"trust": 0.8,
"vendor": "abb",
"version": "1.x"
},
{
"model": "datamanagerpro",
"scope": "eq",
"trust": 0.8,
"vendor": "abb",
"version": "1.7.1"
},
{
"model": "tracer sc",
"scope": "eq",
"trust": 0.6,
"vendor": "trane",
"version": "4.2.1134"
},
{
"model": "datamanagerpro",
"scope": "ne",
"trust": 0.3,
"vendor": "abb",
"version": "1.7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tracer sc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:trane:tracer_sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.1134",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi.",
"sources": [
{
"db": "BID",
"id": "92980"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4526",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-4526",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-07742",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "bdfe210a-e3a3-4a84-8115-984187198303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4526",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4526",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-07742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-339",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB DataManagerPro 1.x before 1.7.1 allows local users to gain privileges by replacing a DLL file in the package directory. ABB DataManagerPro Contains a privileged vulnerability. Supplementary information : CWE Vulnerability type by CWE-427: Uncontrolled Search Path Element ( Uncontrolled search path elements ) Has been identified. ABB DataManagerPro is a suite of data analysis software from ABB, Switzerland. The software automatically collects data via Ethernet and database management. ABB DataManagerPro is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nA local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. \nABB DataManagerPro versions 1.0.0 through 1.7.0 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4526",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-259-02",
"trust": 3.3
},
{
"db": "BID",
"id": "92980",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07742",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812",
"trust": 0.8
},
{
"db": "IVD",
"id": "BDFE210A-E3A3-4A84-8115-984187198303",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"id": "VAR-201609-0334",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
],
"trust": 1.51428573
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
]
},
"last_update_date": "2023-12-18T13:57:29.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "089290",
"trust": 0.8,
"url": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9adb005557_abb_softwarevulnerabilityhandlingadvisory_dmpro.pdf"
},
{
"title": "Patch for ABB DataManagerPro DLL native code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81525"
},
{
"title": "ABB DataManagerPro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64139"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-259-02"
},
{
"trust": 1.6,
"url": "https://library.e.abb.com/public/93e52dbfd6ab4f64aa435973ccf1b6e2/9adb005557_abb_softwarevulnerabilityhandlingadvisory_dmpro.pdf"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/92980"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4526"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4526"
},
{
"trust": 0.3,
"url": "http://www.abb.com/"
},
{
"trust": 0.3,
"url": "http://blog.rapid7.com/?p=5325"
},
{
"trust": 0.3,
"url": "http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"db": "BID",
"id": "92980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-20T00:00:00",
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"date": "2016-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"date": "2016-09-16T00:00:00",
"db": "BID",
"id": "92980"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"date": "2016-09-19T01:59:02.790000",
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07742"
},
{
"date": "2016-09-16T00:00:00",
"db": "BID",
"id": "92980"
},
{
"date": "2016-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004812"
},
{
"date": "2016-11-28T20:18:37.307000",
"db": "NVD",
"id": "CVE-2016-4526"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92980"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ABB DataManagerPro DLL Native code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "bdfe210a-e3a3-4a84-8115-984187198303"
},
{
"db": "CNVD",
"id": "CNVD-2016-07742"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-339"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…