ID

VAR-201305-0006


CVE

CVE-2011-4518


TITLE

MICROSYS PROMOTIC Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06169

DESCRIPTION

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors. PROMOTIC is a SCADA software. A directory traversal vulnerability exists in MICROSYS PROMOTIC. PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive information. PROMOTIC 8.1.3 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2011-4518 // JVNDB: JVNDB-2011-005230 // CNVD: CNVD-2013-06169 // BID: 50133 // IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06169

AFFECTED PRODUCTS

vendor:microsysmodel:promoticscope:eqversion:8.0.6

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.1.0

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.0.7

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.0.8

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.1.1

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.1.3

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.0.5

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.0.9

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.1.2

Trust: 1.6

vendor:microsysmodel:promoticscope:eqversion:8.0.2

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.1

Trust: 1.0

vendor:microsysmodel:promoticscope:lteversion:8.1.4

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.10

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.4

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.0

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.12

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.13

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.11

Trust: 1.0

vendor:microsysmodel:promoticscope:eqversion:8.0.3

Trust: 1.0

vendor:microsysmodel:promoticscope:ltversion:8.1.5

Trust: 0.8

vendor:microsysmodel:spol. s r.o. promoticscope:eqversion:8.1.4

Trust: 0.6

vendor:microsysmodel:spol. s r.o. promoticscope:eqversion:8.1.3

Trust: 0.6

vendor:microsysmodel:promoticscope:eqversion:8.1.4

Trust: 0.6

vendor:promoticmodel:promoticscope:eqversion:8.1.3

Trust: 0.3

vendor:promoticmodel: - scope:eqversion:8.0.0

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.1

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.2

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.3

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.4

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.5

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.6

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.7

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.8

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.9

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.10

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.11

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.12

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.0.13

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.1.0

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.1.1

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.1.2

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:8.1.3

Trust: 0.2

vendor:promoticmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06169 // BID: 50133 // JVNDB: JVNDB-2011-005230 // CNNVD: CNNVD-201205-482 // NVD: CVE-2011-4518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4518
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4518
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-06169
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201205-482
value: MEDIUM

Trust: 0.6

IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4518
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-06169
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06169 // JVNDB: JVNDB-2011-005230 // CNNVD: CNNVD-201205-482 // NVD: CVE-2011-4518

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-005230 // NVD: CVE-2011-4518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-482

TYPE

Path traversal

Trust: 0.8

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201205-482

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005230

PATCH

title:Version 8.1.5 (from 28.11.2011) - stable versionurl:http://www.promotic.eu/en/pmdoc/News.htm#ver80105

Trust: 0.8

title:MICROSYS PROMOTIC directory traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/34283

Trust: 0.6

sources: CNVD: CNVD-2013-06169 // JVNDB: JVNDB-2011-005230

EXTERNAL IDS

db:NVDid:CVE-2011-4518

Trust: 3.2

db:ICS CERTid:ICSA-12-024-02

Trust: 2.7

db:BIDid:50133

Trust: 1.5

db:CNVDid:CNVD-2013-06169

Trust: 0.8

db:CNNVDid:CNNVD-201205-482

Trust: 0.8

db:JVNDBid:JVNDB-2011-005230

Trust: 0.8

db:IVDid:EF3A1F72-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: ef3a1f72-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-06169 // BID: 50133 // JVNDB: JVNDB-2011-005230 // CNNVD: CNNVD-201205-482 // NVD: CVE-2011-4518

REFERENCES

url:http://www.promotic.eu/en/pmdoc/news.htm#ver80105

Trust: 2.5

url:http://ics-cert.us-cert.gov/advisories/icsa-12-024-02

Trust: 2.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4518

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4518

Trust: 0.8

url:http://www.securityfocus.com/bid/50133

Trust: 0.6

url:http://www.promotic.eu/en/promotic/scada-pm.htm

Trust: 0.3

url:http://aluigi.altervista.org/adv/promotic_1-adv.txt

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-024-02.pdf

Trust: 0.3

sources: CNVD: CNVD-2013-06169 // BID: 50133 // JVNDB: JVNDB-2011-005230 // CNNVD: CNNVD-201205-482 // NVD: CVE-2011-4518

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50133 // CNNVD: CNNVD-201205-482

SOURCES

db:IVDid:ef3a1f72-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-06169
db:BIDid:50133
db:JVNDBid:JVNDB-2011-005230
db:CNNVDid:CNNVD-201205-482
db:NVDid:CVE-2011-4518

LAST UPDATE DATE

2024-08-14T14:21:21.605000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-06169date:2013-05-28T00:00:00
db:BIDid:50133date:2011-10-14T00:00:00
db:JVNDBid:JVNDB-2011-005230date:2013-05-27T00:00:00
db:CNNVDid:CNNVD-201205-482date:2013-05-24T00:00:00
db:NVDid:CVE-2011-4518date:2013-06-03T04:00:00

SOURCES RELEASE DATE

db:IVDid:ef3a1f72-2352-11e6-abef-000c29c66e3ddate:2013-05-28T00:00:00
db:CNVDid:CNVD-2013-06169date:2013-05-28T00:00:00
db:BIDid:50133date:2011-10-14T00:00:00
db:JVNDBid:JVNDB-2011-005230date:2013-05-27T00:00:00
db:CNNVDid:CNNVD-201205-482date:1900-01-01T00:00:00
db:NVDid:CVE-2011-4518date:2013-05-23T17:55:02.807