VAR-201710-0793
Vulnerability from variot - Updated: 2023-12-18 12:37A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. LOYTEC LVIS-3ME Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LOYTEC LVIS-3ME is prone to the following security vulnerabilities: : 1. A directory-traversal vulnerability 2. An insufficient-entropy vulnerability 3. A cross-site scripting vulnerability 4. Versions prior to LVIS-3ME 6.2.0 are vulnerable. LOYTEC LVIS-3ME is an HMI touch panel produced by LOYTEC in Germany. There is a directory traversal vulnerability in LOYTEC LVIS-3ME versions before 6.2.0. The vulnerability stems from the fact that the program does not restrict non-administrator users from accessing important files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0793",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lvis-3me",
"scope": "lte",
"trust": 1.0,
"vendor": "loytec",
"version": "6.1.1"
},
{
"model": "lvis-3me",
"scope": "lt",
"trust": 0.8,
"vendor": "loytec",
"version": "6.2.0"
},
{
"model": "lvis-3me",
"scope": "eq",
"trust": 0.6,
"vendor": "loytec",
"version": "6.1.1"
},
{
"model": "lvis-3me",
"scope": "eq",
"trust": 0.3,
"vendor": "loytec",
"version": "0"
},
{
"model": "lvis-3me",
"scope": "ne",
"trust": 0.3,
"vendor": "loytec",
"version": "6.2"
}
],
"sources": [
{
"db": "BID",
"id": "100847"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:loytec:lvis-3me:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec",
"sources": [
{
"db": "BID",
"id": "100847"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
],
"trust": 0.9
},
"cve": "CVE-2017-13996",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-13996",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-104674",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13996",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13996",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-868",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-104674",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13996",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. LOYTEC LVIS-3ME Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LOYTEC LVIS-3ME is prone to the following security vulnerabilities: :\n1. A directory-traversal vulnerability\n2. An insufficient-entropy vulnerability\n3. A cross-site scripting vulnerability\n4. \nVersions prior to LVIS-3ME 6.2.0 are vulnerable. LOYTEC LVIS-3ME is an HMI touch panel produced by LOYTEC in Germany. There is a directory traversal vulnerability in LOYTEC LVIS-3ME versions before 6.2.0. The vulnerability stems from the fact that the program does not restrict non-administrator users from accessing important files",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "BID",
"id": "100847"
},
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "VULMON",
"id": "CVE-2017-13996"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-257-01",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2017-13996",
"trust": 2.9
},
{
"db": "BID",
"id": "100847",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-104674",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-13996",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"db": "BID",
"id": "100847"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"id": "VAR-201710-0793",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-104674"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:10.638000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.loytec.com/jp/"
},
{
"title": "LOYTEC LVIS-3ME Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74973"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-257-01"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/100847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13996"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13996"
},
{
"trust": 0.3,
"url": "https://www.loytec.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"db": "BID",
"id": "100847"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-104674"
},
{
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"db": "BID",
"id": "100847"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-104674"
},
{
"date": "2017-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"date": "2017-09-14T00:00:00",
"db": "BID",
"id": "100847"
},
{
"date": "2017-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"date": "2017-10-05T21:29:00.350000",
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-104674"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13996"
},
{
"date": "2017-09-14T00:00:00",
"db": "BID",
"id": "100847"
},
{
"date": "2017-10-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"date": "2019-10-09T23:23:41.700000",
"db": "NVD",
"id": "CVE-2017-13996"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LOYTEC LVIS-3ME Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008626"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-868"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…