VAR-201708-1506
Vulnerability from variot - Updated: 2023-12-18 12:51A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. Siemens ViewPort for Web Office Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Web Office Portal provides authorized users to retrieve current data from the Control Center solution Spectrum PowerTM in a read-only manner
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "viewport for web office portal",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "viewport for web office portal",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "revision number 1453"
},
{
"model": "viewport for web office portal",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "1453"
},
{
"model": "viewport for web office portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1452"
},
{
"model": "viewport for web office portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1453"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viewport for web office portal",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:viewport_for_web_office_portal:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hannes Trunde from Kapsch BusinessCom AG",
"sources": [
{
"db": "BID",
"id": "99343"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6869",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6869",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-12112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6869",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6869",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-12112",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-628",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-6869",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. Siemens ViewPort for Web Office Portal Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Web Office Portal provides authorized users to retrieve current data from the Control Center solution Spectrum PowerTM in a read-only manner",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6869",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-545214",
"trust": 2.3
},
{
"db": "BID",
"id": "99343",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-03",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2017-12112",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163",
"trust": 0.8
},
{
"db": "IVD",
"id": "0A4ACB9E-A4F9-4E80-AACD-8CA53BBD700D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-6869",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"id": "VAR-201708-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
]
},
"last_update_date": "2023-12-18T12:51:05.162000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-545214",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf"
},
{
"title": "Patch for Siemens ViewPort for Web Office Portal Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/96915"
},
{
"title": "Siemens ViewPort for Web Office Portal Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99681"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/99343"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6869"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6869"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"db": "BID",
"id": "99343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"date": "2017-06-29T00:00:00",
"db": "BID",
"id": "99343"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"date": "2017-08-08T00:29:00.180000",
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-12112"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6869"
},
{
"date": "2017-06-29T00:00:00",
"db": "BID",
"id": "99343"
},
{
"date": "2017-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007163"
},
{
"date": "2019-10-09T23:29:20.450000",
"db": "NVD",
"id": "CVE-2017-6869"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ViewPort for Web Office Portal Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "0a4acb9e-a4f9-4e80-aacd-8ca53bbd700d"
},
{
"db": "CNVD",
"id": "CNVD-2017-12112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-628"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…