Details of VAR-201201-0187

ID

VAR-201201-0187

CVE

CVE-2011-4873

TITLE

atvise Remote Denial of Service Vulnerability

Trust: 1.1

sources: IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0201 // BID: 51553

DESCRIPTION

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. Atvise is an HMI and SCADA solution. atvise is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause the affected application to crash, denying service to legitimate users. atvise versions prior to 2.1 are vulnerable. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: atvise Unspecified Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47638 RELEASE DATE: 2012-01-19 DISCUSS ADVISORY: http://secunia.com/advisories/47638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in atvise, which can be exploited by malicious people to cause a DoS (Denial of Service). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/atvise_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2011-4873 // JVNDB: JVNDB-2012-001159 // CNVD: CNVD-2012-0201 // BID: 51553 // IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52818 // PACKETSTORM: 108927

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0201

AFFECTED PRODUCTS

vendor:	atvise	model:	atvise	scope:	lte	version:	2.0.0.3291	Trust: 1.0
vendor:	atvise	model:	atvise	scope:	eq	version:	0	Trust: 0.9
vendor:	certec edv	model:	atvise	scope:	lt	version:	2.1	Trust: 0.8
vendor:	atvise	model:	atvise	scope:	eq	version:	2.0.0.3291	Trust: 0.6
vendor:	atvise	model:	atvise	scope:	ne	version:	2.1	Trust: 0.3
vendor:	atvise	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0201 // BID: 51553 // JVNDB: JVNDB-2012-001159 // CNNVD: CNNVD-201201-303 // NVD: CVE-2011-4873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4873
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4873
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201201-303
value:	MEDIUM
Trust: 0.6
IVD:	3349f4de-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-52818
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4873
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	3349f4de-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-52818
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52818 // JVNDB: JVNDB-2012-001159 // CNNVD: CNNVD-201201-303 // NVD: CVE-2011-4873

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201201-303

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201201-303

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001159

PATCH

title:	Top Page	url:	http://www.atvise.com/	Trust: 0.8
title:	Atvise remote denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/7712	Trust: 0.6

sources: CNVD: CNVD-2012-0201 // JVNDB: JVNDB-2012-001159

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4873	Trust: 3.6
db:	ICS CERT	id:	ICSA-12-018-02	Trust: 3.5
db:	BID	id:	51553	Trust: 2.0
db:	SECUNIA	id:	47638	Trust: 1.9
db:	CNNVD	id:	CNNVD-201201-303	Trust: 0.9
db:	CNVD	id:	CNVD-2012-0201	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-001159	Trust: 0.8
db:	IVD	id:	3349F4DE-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-52818	Trust: 0.1
db:	PACKETSTORM	id:	108927	Trust: 0.1

sources: IVD: 3349f4de-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0201 // VULHUB: VHN-52818 // BID: 51553 // JVNDB: JVNDB-2012-001159 // PACKETSTORM: 108927 // CNNVD: CNNVD-201201-303 // NVD: CVE-2011-4873

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-018-02.pdf	Trust: 3.5
url:	http://aluigi.altervista.org/adv/atvise_1-adv.txt	Trust: 1.8
url:	http://www.securityfocus.com/bid/51553	Trust: 1.7
url:	http://secunia.com/advisories/47638	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4873	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4873	Trust: 0.8
url:	http://www.atvise.com	Trust: 0.3
url:	http://secunia.com/advisories/47638/	Trust: 0.1
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/47638/#comments	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47638	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-0201 // VULHUB: VHN-52818 // BID: 51553 // JVNDB: JVNDB-2012-001159 // PACKETSTORM: 108927 // CNNVD: CNNVD-201201-303 // NVD: CVE-2011-4873

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 51553 // CNNVD: CNNVD-201201-303

SOURCES

db:	IVD	id:	3349f4de-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0201
db:	VULHUB	id:	VHN-52818
db:	BID	id:	51553
db:	JVNDB	id:	JVNDB-2012-001159
db:	PACKETSTORM	id:	108927
db:	CNNVD	id:	CNNVD-201201-303
db:	NVD	id:	CVE-2011-4873

LAST UPDATE DATE

2024-08-14T15:19:26.438000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0201	date:	2012-01-30T00:00:00
db:	VULHUB	id:	VHN-52818	date:	2012-01-20T00:00:00
db:	BID	id:	51553	date:	2012-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2012-001159	date:	2012-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201201-303	date:	2012-01-30T00:00:00
db:	NVD	id:	CVE-2011-4873	date:	2012-01-20T16:19:26.660

SOURCES RELEASE DATE

db:	IVD	id:	3349f4de-2354-11e6-abef-000c29c66e3d	date:	2012-01-30T00:00:00
db:	CNVD	id:	CNVD-2012-0201	date:	2012-01-30T00:00:00
db:	VULHUB	id:	VHN-52818	date:	2012-01-19T00:00:00
db:	BID	id:	51553	date:	2012-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2012-001159	date:	2012-01-24T00:00:00
db:	PACKETSTORM	id:	108927	date:	2012-01-22T04:20:50
db:	CNNVD	id:	CNNVD-201201-303	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2011-4873	date:	2012-01-19T15:55:00.880