VAR-201711-0410
Vulnerability from variot - Updated: 2023-12-18 12:37In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. plural AutomationDirect The product is vulnerable to an uncontrolled search path element.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. AutomationDirect is the world's largest PLC design and production company. An attacker would need administrative access to the default installation location to install a malicious DLL. Multiple AutomationDirect Products are prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. are all products of American AutomationDirect. Several AutomationDirect products have DLL hijacking vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "c-more micro",
"scope": "lte",
"trust": 1.0,
"vendor": "automationdirect",
"version": "4.20.01.0"
},
{
"model": "gs drives fimware",
"scope": "lte",
"trust": 1.0,
"vendor": "automationdirect",
"version": "4.0.6"
},
{
"model": "click plc",
"scope": "lte",
"trust": 1.0,
"vendor": "automationdirect",
"version": "2.10"
},
{
"model": "sl-soft solo temperature controller",
"scope": "lte",
"trust": 1.0,
"vendor": "automationdirect",
"version": "1.1.0.5"
},
{
"model": "c-more plc",
"scope": "lte",
"trust": 1.0,
"vendor": "automationdirect",
"version": "6.30"
},
{
"model": "c-more micro",
"scope": "eq",
"trust": 0.9,
"vendor": "automationdirect",
"version": "4.20.01.0"
},
{
"model": "c-more micro",
"scope": "lte",
"trust": 0.8,
"vendor": "automationdirect",
"version": "(part number ea-pgmsw) 4.20.01.0"
},
{
"model": "c-more programming software",
"scope": "lte",
"trust": 0.8,
"vendor": "automationdirect",
"version": "(part number ea9-pgmsw) 6.30"
},
{
"model": "click programming software",
"scope": "lte",
"trust": 0.8,
"vendor": "automationdirect",
"version": "(part number c0-pgmsw) 2.10"
},
{
"model": "gs drives configuration software",
"scope": "lte",
"trust": 0.8,
"vendor": "automationdirect",
"version": "(part number gsoft) 4.0.6"
},
{
"model": "sl-soft solo temperature controller configuration software",
"scope": "lte",
"trust": 0.8,
"vendor": "automationdirect",
"version": "(part number sl-soft) 1.1.0.5"
},
{
"model": "click",
"scope": "lte",
"trust": 0.6,
"vendor": "automationdirect",
"version": "\u003c=2.10"
},
{
"model": "c-more",
"scope": "lte",
"trust": 0.6,
"vendor": "automationdirect",
"version": "\u003c=6.30"
},
{
"model": "c-more micro",
"scope": "lte",
"trust": 0.6,
"vendor": "automationdirect",
"version": "\u003c=4.20.01.0"
},
{
"model": "gs drives",
"scope": "lte",
"trust": 0.6,
"vendor": "automationdirect",
"version": "\u003c=4.0.6"
},
{
"model": "sl-soft solo",
"scope": "lte",
"trust": 0.6,
"vendor": "automationdirect",
"version": "\u003c=1.1.0.5"
},
{
"model": "sl-soft solo temperature controller",
"scope": "eq",
"trust": 0.6,
"vendor": "automationdirect",
"version": "1.1.0.5"
},
{
"model": "c-more plc",
"scope": "eq",
"trust": 0.6,
"vendor": "automationdirect",
"version": "6.30"
},
{
"model": "gs drives fimware",
"scope": "eq",
"trust": 0.6,
"vendor": "automationdirect",
"version": "4.0.6"
},
{
"model": "click plc",
"scope": "eq",
"trust": 0.6,
"vendor": "automationdirect",
"version": "2.10"
},
{
"model": "sl-soft solo",
"scope": "eq",
"trust": 0.3,
"vendor": "automationdirect",
"version": "1.1.0.5"
},
{
"model": "gs drives configuration software",
"scope": "eq",
"trust": 0.3,
"vendor": "automationdirect",
"version": "4.0.6"
},
{
"model": "click programming software",
"scope": "eq",
"trust": 0.3,
"vendor": "automationdirect",
"version": "2.10"
},
{
"model": "c-more programming software",
"scope": "eq",
"trust": 0.3,
"vendor": "automationdirect",
"version": "6.30"
},
{
"model": "sl-soft solo",
"scope": "ne",
"trust": 0.3,
"vendor": "automationdirect",
"version": "1.1.0.6"
},
{
"model": "gs drives configuration software",
"scope": "ne",
"trust": 0.3,
"vendor": "automationdirect",
"version": "4.0.7"
},
{
"model": "click programming software",
"scope": "ne",
"trust": 0.3,
"vendor": "automationdirect",
"version": "2.11"
},
{
"model": "c-more programming software",
"scope": "ne",
"trust": 0.3,
"vendor": "automationdirect",
"version": "6.32"
},
{
"model": "c-more micro",
"scope": "ne",
"trust": 0.3,
"vendor": "automationdirect",
"version": "4.21"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "click plc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "c more plc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "c more micro",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gs drives fimware",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sl soft solo temperature controller",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "BID",
"id": "101780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:automationdirect:click_plc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:automationdirect:click_plc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:automationdirect:c-more_plc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:automationdirect:c-more_plc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:automationdirect:c-more_micro_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.20.01.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:automationdirect:c-more_micro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:automationdirect:gs_drives_fimware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:automationdirect:gs_drives:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:automationdirect:sl-soft_solo_temperature_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:automationdirect:sl-soft_solo_temperature_controller:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14020"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mark Cross of RIoT Solutions",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-14020",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-33807",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-104701",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14020",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14020",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-33807",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1255",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-104701",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "VULHUB",
"id": "VHN-104701"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer Software (Part Number DM-PGMSW) Versions 2.0.3 and prior; GS Drives Configuration Software (Part Number GSOFT) Versions 4.0.6 and prior; SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) Versions 1.1.0.5 and prior; and DirectSOFT Programming Software Versions 6.1 and prior, an uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. plural AutomationDirect The product is vulnerable to an uncontrolled search path element.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. AutomationDirect is the world\u0027s largest PLC design and production company. An attacker would need administrative access to the default installation location to install a malicious DLL. Multiple AutomationDirect Products are prone to local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nA local attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. are all products of American AutomationDirect. Several AutomationDirect products have DLL hijacking vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "BID",
"id": "101780"
},
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "VULHUB",
"id": "VHN-104701"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14020",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-313-01",
"trust": 2.6
},
{
"db": "BID",
"id": "101780",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33807",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-313-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444",
"trust": 0.8
},
{
"db": "IVD",
"id": "579CAF4E-6FE9-4EEC-BCA4-7F3E62F9FF08",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-104701",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "VULHUB",
"id": "VHN-104701"
},
{
"db": "BID",
"id": "101780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"id": "VAR-201711-0410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "VULHUB",
"id": "VHN-104701"
}
],
"trust": 1.77
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
}
]
},
"last_update_date": "2023-12-18T12:37:09.319000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "C-more Micro Panels Support Resources",
"trust": 0.8,
"url": "http://support.automationdirect.com/products/cmoremicro.html"
},
{
"title": "GSoft Support Resources",
"trust": 0.8,
"url": "http://support.automationdirect.com/products/gsoft.html"
},
{
"title": "SOLO Temperature Controllers Support Resources",
"trust": 0.8,
"url": "http://support.automationdirect.com/products/solo.html"
},
{
"title": "CLICK PLC Support Resources",
"trust": 0.8,
"url": "http://support.automationdirect.com/products/clickplcs.html"
},
{
"title": "C-More Support Resources",
"trust": 0.8,
"url": "http://support.automationdirect.com/products/cmore.html"
},
{
"title": "AutomationDirect multiple product DLL hijacked patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106012"
},
{
"title": "Multiple AutomationDirect Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76097"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104701"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-313-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101780"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14020"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-313-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14020"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "VULHUB",
"id": "VHN-104701"
},
{
"db": "BID",
"id": "101780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"db": "VULHUB",
"id": "VHN-104701"
},
{
"db": "BID",
"id": "101780"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "IVD",
"id": "579caf4e-6fe9-4eec-bca4-7f3e62f9ff08"
},
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-104701"
},
{
"date": "2017-11-09T00:00:00",
"db": "BID",
"id": "101780"
},
{
"date": "2017-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"date": "2017-11-13T20:29:00.257000",
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"date": "2017-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33807"
},
{
"date": "2018-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-104701"
},
{
"date": "2017-12-19T21:00:00",
"db": "BID",
"id": "101780"
},
{
"date": "2017-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010444"
},
{
"date": "2018-08-01T01:29:00.400000",
"db": "NVD",
"id": "CVE-2017-14020"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural AutomationDirect Uncontrolled search path element vulnerability in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1255"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…