ID

VAR-190001-0517


TITLE

MiniWeb Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111

DESCRIPTION

MiniWeb is a micro Web Server developed for embedded applications written in C-voice. MiniWeb has a denial of service vulnerability. An attacker could exploit the vulnerability to cause the server to crash

Trust: 1.71

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc flexible runtimescope:eqversion:0

Trust: 1.5

vendor:stanleymodel:huang miniwebscope:eqversion:0

Trust: 1.5

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008

Trust: 1.5

vendor:siemensmodel:simatic wincc flexible runtime stanley huang miniwebscope:eqversion:00*

Trust: 0.4

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008*

Trust: 0.4

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-479

TYPE

Unknown

Trust: 0.3

sources: BID: 50827

PATCH

title:Patch for MiniWeb Directory Traversal Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/177431

Trust: 0.6

title:Patch for MiniWeb Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/177429

Trust: 0.6

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109

EXTERNAL IDS

db:BIDid:50827

Trust: 2.1

db:CNVDid:CNVD-2011-5111

Trust: 0.8

db:CNVDid:CNVD-2011-5109

Trust: 0.8

db:CNNVDid:CNNVD-201111-479

Trust: 0.6

db:IVDid:9AC98712-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:9D778914-1F7D-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // CNNVD: CNNVD-201111-479

REFERENCES

url:http://www.securityfocus.com/bid/50827

Trust: 1.8

url:http://sourceforge.net/projects/miniweb

Trust: 0.3

url:http://aluigi.altervista.org/adv/winccflex_1-adv.txt

Trust: 0.3

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx

Trust: 0.3

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // CNNVD: CNNVD-201111-479

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50827 // CNNVD: CNNVD-201111-479

SOURCES

db:IVDid:9ac98712-1f7d-11e6-abef-000c29c66e3d
db:IVDid:9d778914-1f7d-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-5111
db:CNVDid:CNVD-2011-5109
db:BIDid:50827
db:CNNVDid:CNNVD-201111-479

LAST UPDATE DATE

2022-05-17T02:10:24.229000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-5111date:2019-08-28T00:00:00
db:CNVDid:CNVD-2011-5109date:2019-08-28T00:00:00
db:BIDid:50827date:2012-05-31T22:20:00
db:CNNVDid:CNNVD-201111-479date:2011-11-30T00:00:00

SOURCES RELEASE DATE

db:IVDid:9ac98712-1f7d-11e6-abef-000c29c66e3ddate:2011-12-05T00:00:00
db:IVDid:9d778914-1f7d-11e6-abef-000c29c66e3ddate:2011-12-05T00:00:00
db:CNVDid:CNVD-2011-5111date:2011-12-05T00:00:00
db:CNVDid:CNVD-2011-5109date:2011-12-05T00:00:00
db:BIDid:50827date:2011-11-28T00:00:00
db:CNNVDid:CNNVD-201111-479date:1900-01-01T00:00:00