ID
VAR-E-201201-0658
CVE
| cve_id: | CVE-2012-1807 | Trust: 0.3 |
| cve_id: | CVE-2012-1808 | Trust: 0.3 |
| cve_id: | CVE-2012-1805 | Trust: 0.3 |
| cve_id: | CVE-2012-1806 | Trust: 0.3 |
| cve_id: | CVE-2012-1809 | Trust: 0.3 |
TITLE
Koyo ECOM100 Ethernet Module Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Koyo ECOM100 Ethernet Module is prone to multiple unspecified vulnerabilities including:
1. A buffer-overflow vulnerability.
2. A denial-of-service vulnerability.
3. Multiple security-bypass vulnerabilities.
4. A cross site-scripting vulnerability.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | koyo | model: | h4-ecom100 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h4-ecom-f | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h4-ecom | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h2-ecom100 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h2-ecom-f | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h2-ecom | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h0-ecom100 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | h0-ecom | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | koyo | model: | ecom100 ethernet module | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the ECOM series modules. Please the references for details.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Reid Wightman
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT ALERT | id: | ICS-ALERT-12-020-05 | Trust: 0.3 |
| db: | ICS CERT ALERT | id: | ICS-ALERT-12-020-05A | Trust: 0.3 |
| db: | ICS CERT | id: | ICSA-12-102-02 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-1807 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-1808 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-1805 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-1806 | Trust: 0.3 |
| db: | NVD | id: | CVE-2012-1809 | Trust: 0.3 |
| db: | BID | id: | 51634 | Trust: 0.3 |
REFERENCES
| url: | http://www.us-cert.gov/control_systems/pdf/icsa-12-102-02.pdf | Trust: 0.3 |
| url: | http://www.koyoele.co.jp/english/index.html | Trust: 0.3 |
| url: | http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-05a.pdf | Trust: 0.3 |
| url: | http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-05.pdf | Trust: 0.3 |
SOURCES
| db: | BID | id: | 51634 |
LAST UPDATE DATE
2022-07-27T09:30:26.312000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 51634 | date: | 2012-04-11T22:40:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 51634 | date: | 2012-01-23T00:00:00 |