Sign-up

ID

VAR-201310-0394


CVE

CVE-2013-5967


TITLE

AlienVault Open Source Security Information Management In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004570

DESCRIPTION

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/. (1) radar-iso27001-potential.php (2) radar-iso27001-A12IS_acquisition-pot.php (3) radar-iso27001-A11AccessControl-pot.php (4) radar-iso27001-A10Com_OP_Mgnt-pot.php (5) radar-pci-potential.php. The Triangle Research Nano-10 PLC is a controller for automated manufacturing. The Triangle Research Nano-10 PLC has a remote denial of service attack when processing specially crafted messages, allowing remote attackers to crash applications. This vulnerability can be triggered when the firmware is processing a special length (over 0x200) MODBUS TCP message on TCP port 502. Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable

Trust: 2.61

sources: NVD: CVE-2013-5967 // JVNDB: JVNDB-2013-004570 // CNVD: CNVD-2013-13485 // BID: 62790 // IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485

AFFECTED PRODUCTS

vendor:alienvaultmodel:open source security information managementscope:lteversion:4.3

Trust: 1.8

vendor:alienvaultmodel:open source security information managementscope:eqversion:1.0.6

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1.5

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1.5-1

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.0.4

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1.5-2

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:1.0.4

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1.5-3

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:3.1

Trust: 1.6

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.2.2

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.1.2

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.2.3

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:3.1.12

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:2.1.2

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.0.3

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:3.1.9

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:3.1.10

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.1

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.1.3

Trust: 1.0

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.2

Trust: 1.0

vendor:trianglemodel:research international inc nano-10 plc r81scope:ltversion: -

Trust: 0.8

vendor:alienvaultmodel:open source security information managementscope:eqversion:4.3

Trust: 0.6

vendor:alienvaultmodel:open source siemscope:eqversion:4.0.2

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:4.3.0

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:4.2.3

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:4.1.2

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:4.1

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:4.0

Trust: 0.3

vendor:alienvaultmodel:open source siemscope:eqversion:3.1

Trust: 0.3

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485 // BID: 62790 // JVNDB: JVNDB-2013-004570 // CNNVD: CNNVD-201310-130 // NVD: CVE-2013-5967

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5967
value: HIGH

Trust: 1.0

NVD: CVE-2013-5967
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-13485
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-130
value: HIGH

Trust: 0.6

IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-5967
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485 // JVNDB: JVNDB-2013-004570 // CNNVD: CNNVD-201310-130 // NVD: CVE-2013-5967

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2013-004570 // NVD: CVE-2013-5967

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-130

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-130

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004570

PATCH
title:OSSIM: Open Source SIEMurl:http://www.alienvault.com/open-threat-exchange/projects
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004570

EXTERNAL IDS
db:NVDid:CVE-2013-5967
Trust: 2.7
db:BIDid:62790
Trust: 2.7
db:OSVDBid:98052
Trust: 1.6
db:CNVDid:CNVD-2013-13485
Trust: 0.8
db:JVNDBid:JVNDB-2013-004570
Trust: 0.8
db:CNNVDid:CNNVD-201310-130
Trust: 0.6
db:IVDid:53D04BAA-1F07-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13485 // 
            
            
            
            BID: 62790 // 
            
            
            
            JVNDB: JVNDB-2013-004570 // 
            
            
            
            CNNVD: CNNVD-201310-130 // 
            
            
            
            NVD: CVE-2013-5967

REFERENCES
url:http://www.securityfocus.com/bid/62790
Trust: 1.6
url:http://osvdb.org/ref/97/ossim-sql.txt
Trust: 1.6
url:http://osvdb.org/98052
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5967
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5967
Trust: 0.8
url:http://www.securityfocus.com/bid/62790/info
Trust: 0.8
url:http://osvdb.org/ref/97/tri-nano10.txt
Trust: 0.6
url:http://www.alienvault.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13485 // 
            
            
            
            BID: 62790 // 
            
            
            
            JVNDB: JVNDB-2013-004570 // 
            
            
            
            CNNVD: CNNVD-201310-130 // 
            
            
            
            NVD: CVE-2013-5967

CREDITS
Yu-Chi Ding
Trust: 0.3
sources:
            
            
            BID: 62790

SOURCES
db:IVDid:53d04baa-1f07-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13485
db:BIDid:62790
db:JVNDBid:JVNDB-2013-004570
db:CNNVDid:CNNVD-201310-130
db:NVDid:CVE-2013-5967

LAST UPDATE DATE
2024-11-23T21:55:30.770000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13485date:2013-10-09T00:00:00
db:BIDid:62790date:2013-10-02T00:00:00
db:JVNDBid:JVNDB-2013-004570date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-130date:2013-10-12T00:00:00
db:NVDid:CVE-2013-5967date:2024-11-21T01:58:30.967

SOURCES RELEASE DATE
db:IVDid:53d04baa-1f07-11e6-abef-000c29c66e3ddate:2013-10-09T00:00:00
db:CNVDid:CNVD-2013-13485date:2013-10-09T00:00:00
db:BIDid:62790date:2013-10-02T00:00:00
db:JVNDBid:JVNDB-2013-004570date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-130date:2013-10-10T00:00:00
db:NVDid:CVE-2013-5967date:2013-10-09T14:54:26.810