VAR-201710-0792
Vulnerability from variot - Updated: 2023-12-18 13:02
An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. iniNet Solutions SCADA Web Server contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SCADA Webserver is a third-party web-based server software. IniNet Solutions SCADA Web Server is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. Versions of IniNet Solutions SCADA Web Server prior to 2.02.0100 are vulnerable.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0792",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ininet webserver",
"scope": "lte",
"trust": 1.0,
"vendor": "spidercontrol",
"version": "2.02.0000"
},
{
"model": "scada web server",
"scope": "lt",
"trust": 0.8,
"vendor": "ininet",
"version": "2.02.0100"
},
{
"model": "scada webserver",
"scope": "lt",
"trust": 0.6,
"vendor": "ininet",
"version": "2.02.0100"
},
{
"model": "ininet webserver",
"scope": "eq",
"trust": 0.6,
"vendor": "spidercontrol",
"version": "2.02.0000"
},
{
"model": "scada web server",
"scope": "eq",
"trust": 0.3,
"vendor": "ininet",
"version": "2.02"
},
{
"model": "scada web server",
"scope": "eq",
"trust": 0.3,
"vendor": "ininet",
"version": "2.01"
},
{
"model": "scada web server",
"scope": "eq",
"trust": 0.3,
"vendor": "ininet",
"version": "2.0"
},
{
"model": "scada web server",
"scope": "ne",
"trust": 0.3,
"vendor": "ininet",
"version": "2.02.0100"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ininet webserver",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "BID",
"id": "100951"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:spidercontrol:ininet_webserver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.02.0000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthias Niedermaier and Florian Fischer, both of Augsburg University of Applied Sciences.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
],
"trust": 0.6
},
"cve": "CVE-2017-13995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-13995",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-28914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13995",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13995",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-28914",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1089",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-13995",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. iniNet Solutions SCADA Web Server contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SCADA Webserver is a third-party web-based server software. IniNet Solutions SCADA Web Server is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nVersions of IniNet Solutions SCADA Web Server prior to 2.02.0100 are vulnerable.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "BID",
"id": "100951"
},
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "VULMON",
"id": "CVE-2017-13995"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13995",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-264-04",
"trust": 3.4
},
{
"db": "BID",
"id": "100951",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2017-28914",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407",
"trust": 0.8
},
{
"db": "IVD",
"id": "F360A512-61E8-46A7-9A28-C8F631A2E303",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2017-13995",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"db": "BID",
"id": "100951"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"id": "VAR-201710-0792",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
}
],
"trust": 1.6125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
}
]
},
"last_update_date": "2023-12-18T13:02:52.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://spidercontrol.net/?lang=en"
},
{
"title": "iniNet Solutions GmbH SCADA Webserver Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/102631"
},
{
"title": "IniNet Solutions SCADA Web Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75076"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-264-04"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100951"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13995"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13995"
},
{
"trust": 0.3,
"url": "http://spidercontrol.net/ininet/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"db": "BID",
"id": "100951"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"db": "BID",
"id": "100951"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"date": "2017-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100951"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"date": "2017-10-05T01:29:05.227000",
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"date": "2017-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28914"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13995"
},
{
"date": "2017-09-21T00:00:00",
"db": "BID",
"id": "100951"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009407"
},
{
"date": "2019-10-09T23:23:41.607000",
"db": "NVD",
"id": "CVE-2017-13995"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iniNet Solutions GmbH SCADA Webserver Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "f360a512-61e8-46a7-9a28-c8f631a2e303"
},
{
"db": "CNVD",
"id": "CNVD-2017-28914"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1089"
}
],
"trust": 0.6
}
}