Details of VAR-190001-0517

ID

VAR-190001-0517

TITLE

MiniWeb Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111

DESCRIPTION

MiniWeb is a micro Web Server developed for embedded applications written in C-voice. MiniWeb has a denial of service vulnerability. An attacker could exploit the vulnerability to cause the server to crash

Trust: 1.71

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc flexible runtime	scope:	eq	version:	0	Trust: 1.5
vendor:	stanley	model:	huang miniweb	scope:	eq	version:	0	Trust: 1.5
vendor:	siemens	model:	simatic wincc flexible sp2	scope:	eq	version:	2008	Trust: 1.5
vendor:	siemens	model:	simatic wincc flexible runtime stanley huang miniweb	scope:	eq	version:	00*	Trust: 0.4
vendor:	siemens	model:	simatic wincc flexible sp2	scope:	eq	version:	2008*	Trust: 0.4

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	9ac98712-1f7d-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	9d778914-1f7d-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	9ac98712-1f7d-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	9d778914-1f7d-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201111-479

TYPE

Unknown

Trust: 0.3

sources: BID: 50827

PATCH

title:	Patch for MiniWeb Directory Traversal Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/177431	Trust: 0.6
title:	Patch for MiniWeb Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/177429	Trust: 0.6

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109

EXTERNAL IDS

db:	BID	id:	50827	Trust: 2.1
db:	CNVD	id:	CNVD-2011-5111	Trust: 0.8
db:	CNVD	id:	CNVD-2011-5109	Trust: 0.8
db:	CNNVD	id:	CNNVD-201111-479	Trust: 0.6
db:	IVD	id:	9AC98712-1F7D-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	9D778914-1F7D-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 9ac98712-1f7d-11e6-abef-000c29c66e3d // IVD: 9d778914-1f7d-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // CNNVD: CNNVD-201111-479

REFERENCES

url:	http://www.securityfocus.com/bid/50827	Trust: 1.8
url:	http://sourceforge.net/projects/miniweb	Trust: 0.3
url:	http://aluigi.altervista.org/adv/winccflex_1-adv.txt	Trust: 0.3
url:	http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx	Trust: 0.3

sources: CNVD: CNVD-2011-5111 // CNVD: CNVD-2011-5109 // BID: 50827 // CNNVD: CNNVD-201111-479

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50827 // CNNVD: CNNVD-201111-479

SOURCES

db:	IVD	id:	9ac98712-1f7d-11e6-abef-000c29c66e3d
db:	IVD	id:	9d778914-1f7d-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-5111
db:	CNVD	id:	CNVD-2011-5109
db:	BID	id:	50827
db:	CNNVD	id:	CNNVD-201111-479

LAST UPDATE DATE

2022-05-17T02:10:24.229000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5111	date:	2019-08-28T00:00:00
db:	CNVD	id:	CNVD-2011-5109	date:	2019-08-28T00:00:00
db:	BID	id:	50827	date:	2012-05-31T22:20:00
db:	CNNVD	id:	CNNVD-201111-479	date:	2011-11-30T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	9ac98712-1f7d-11e6-abef-000c29c66e3d	date:	2011-12-05T00:00:00
db:	IVD	id:	9d778914-1f7d-11e6-abef-000c29c66e3d	date:	2011-12-05T00:00:00
db:	CNVD	id:	CNVD-2011-5111	date:	2011-12-05T00:00:00
db:	CNVD	id:	CNVD-2011-5109	date:	2011-12-05T00:00:00
db:	BID	id:	50827	date:	2011-11-28T00:00:00
db:	CNNVD	id:	CNNVD-201111-479	date:	1900-01-01T00:00:00