VAR-201812-0853
Vulnerability from variot - Updated: 2024-02-06 22:52An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. IIoT Monitor Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed.The specific flaw exists within the processing of the upload method of the ProtectionMgmt servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. A directory-traversal vulnerability 2. An arbitrary file-upload vulnerability 3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iiot monitor",
"scope": null,
"trust": 3.5,
"vendor": "schneider electric",
"version": null
},
{
"model": "iiot monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "schneider electric",
"version": "3.1.38"
},
{
"model": "electric iiot monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider",
"version": "3.1.38"
},
{
"model": "iiot monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "0"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "BID",
"id": "106484"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:iiot_monitor:3.1.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod of 9sg Security Team - rgod@9sgsec.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
}
],
"trust": 3.5
},
"cve": "CVE-2018-7836",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7836",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03464",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-7836",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-7836",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7836",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2018-7836",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-7836",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2018-7836",
"trust": 1.4,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-03464",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1096",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-7836",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unrestricted Upload of File with Dangerous Type vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow upload and execution of malicious files. IIoT Monitor Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is required to exploit this vulnerability but authentication can be easily bypassed.The specific flaw exists within the processing of the upload method of the ProtectionMgmt servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. A directory-traversal vulnerability\n2. An arbitrary file-upload vulnerability\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7836"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"db": "BID",
"id": "106484"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
}
],
"trust": 6.21
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7836",
"trust": 6.9
},
{
"db": "BID",
"id": "106484",
"trust": 2.0
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-354-03",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-008-02",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7120",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-032",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7122",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-022",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7136",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-030",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7121",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-021",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-7135",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-029",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03464",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-7836",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"db": "BID",
"id": "106484"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"id": "VAR-201812-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03464"
}
],
"trust": 1.5166667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03464"
}
]
},
"last_update_date": "2024-02-06T22:52:00.928000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Schneider Electric has issued an update to correct this vulnerability.",
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-008-02"
},
{
"title": "SEVD-2018-354-03",
"trust": 0.8,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-03/"
},
{
"title": "Patch for IIoTMonitor Hazardous Type File Upload Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/152471"
},
{
"title": "Schneider Electric IIoT Monitor Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88169"
},
{
"title": "Check Point Security Alerts: Schneider Electric IIoT Monitor Unrestricted File Upload (CVE-2018-7836)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=495244a44e00a37fadd60897391c108e"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-008-02"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-354-03/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7836"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/106484"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7836"
},
{
"trust": 0.3,
"url": "www.controlmicrosystems.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2576.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"db": "BID",
"id": "106484"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"db": "BID",
"id": "106484"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"date": "2019-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"date": "2018-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106484"
},
{
"date": "2019-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"date": "2018-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"date": "2018-12-24T16:29:00.937000",
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-16T00:00:00",
"db": "ZDI",
"id": "ZDI-19-032"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-022"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-030"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-021"
},
{
"date": "2019-01-14T00:00:00",
"db": "ZDI",
"id": "ZDI-19-029"
},
{
"date": "2019-01-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03464"
},
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-7836"
},
{
"date": "2019-01-08T00:00:00",
"db": "BID",
"id": "106484"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014342"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1096"
},
{
"date": "2019-02-06T20:06:42.490000",
"db": "NVD",
"id": "CVE-2018-7836"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "106484"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IIoT Monitor Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014342"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1096"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…