VAR-201703-0462
Vulnerability from variot - Updated: 2023-12-18 12:37An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. Eaton xComfort is a smart home solution from Eaton, USA. The program includes a wireless home automation system that provides home security and energy management features. There are security vulnerabilities in Eaton xComfort ECI 1.07 and earlier. An unauthorized attacker could exploit the vulnerability to access files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0462",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xcomfort ethernet communication interface",
"scope": "lte",
"trust": 1.8,
"vendor": "eaton",
"version": "1.07"
},
{
"model": "xcomfort ethernet communication interface",
"scope": "lte",
"trust": 0.6,
"vendor": "eaton",
"version": "\u003c=1.07"
},
{
"model": "xcomfort ethernet communication interface",
"scope": "eq",
"trust": 0.6,
"vendor": "eaton",
"version": "1.07"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "xcomfort ethernet communication interface",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eaton:xcomfort_ethernet_communication_interface:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"cve": "CVE-2016-9368",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9368",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03834",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ca995212-3594-4e10-b2bc-114358bb39bc",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9368",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9368",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-03834",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-593",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. Eaton xComfort is a smart home solution from Eaton, USA. The program includes a wireless home automation system that provides home security and energy management features. There are security vulnerabilities in Eaton xComfort ECI 1.07 and earlier. An unauthorized attacker could exploit the vulnerability to access files",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9368",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-061-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2017-03834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967",
"trust": 0.8
},
{
"db": "IVD",
"id": "CA995212-3594-4E10-B2BC-114358BB39BC",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"id": "VAR-201703-0462",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
]
},
"last_update_date": "2023-12-18T12:37:31.810000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xComfort - RF Smart Home Solutions",
"trust": 0.8,
"url": "http://www.eaton.eu/europe/electrical/productsservices/residential/xcomfort-rfsmarthomesolutions/index.htm?wtredirect=www.eaton.eu/xcomfort#tabs-11"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-061-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9368"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9368"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"date": "2017-03-14T09:59:00.300000",
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"date": "2017-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03834"
},
{
"date": "2017-04-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007967"
},
{
"date": "2019-10-09T23:20:26.240000",
"db": "NVD",
"id": "CVE-2016-9368"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton xComfort Ethernet Communication Interface Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNVD",
"id": "CNVD-2017-03834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "ca995212-3594-4e10-b2bc-114358bb39bc"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-593"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…