CVE-2010-4732 - OpenCVE

cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Intellicom	Netbiter Easyconnect Ec150 Netbiter Serial Ethernet Server Ss100 Netbiter Nb200 Netbiter Nb100 Netbiter Webscada Ws200 Netbiter Modbus Rtu-tcp Gateway Mb100 Netbiter Webscada Ws100

Configuration 1 [-]

AND

OR	cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
	cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
	cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
	cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
	cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::

OR	cpe:2.3:h:intellicom:netbiter_nb100::::::::
	cpe:2.3:h:intellicom:netbiter_nb200::::::::

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Exploit
http://www.kb.cert.org/vuls/id/114560	US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf	US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:21:05

Updated: 2022-10-03T16:21:05

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-4732

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-02-15T01:00:01.727

Modified: 2011-02-15T05:00:00.000

Link: CVE-2010-4732

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#114560", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#114560", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/114560"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4732", "datePublished": "2022-10-03T16:21:05", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:21:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intellicom:netbiter_easyconnect_ec150:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC537D95-3DCD-4FD8-9CCE-61F70A818F4C", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DBABB5F-235A-427D-B13E-7DCBFE7A4337", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFD64BF7-5945-4CDE-84E3-D872081CB42F", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws100:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCD25C93-C0EE-4EFD-8066-53CE3840BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws200:*:*:*:*:*:*:*:*", "matchCriteriaId": "01FE6CE4-81D4-47B9-A859-92E267712B49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intellicom:netbiter_nb100:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD774110-E3E9-4A65-9B8D-5A62B0AEB410", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_nb200:*:*:*:*:*:*:*:*", "matchCriteriaId": "769218F4-5A0A-42E6-8DB4-F133AF5741E8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463."}, {"lang": "es", "value": "cgi-bin/read.cgi en WebSCADA WS100 y WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, y Serial Ethernet Server SS100 en el IntelliCom NetBiter NB100 y plataformas NB200 permite a administradores autenticados de forma remota ejecutar c\u00f3digo de su elecci\u00f3n usando la acci\u00f3n config.html 2.conf para reemplazar el logo de la p\u00e1gina principal que es una imagen GIF por un archivo que contiene este c\u00f3digo, una vulnerabilidad distinta que CVE-2009-4463."}], "id": "CVE-2010-4732", "lastModified": "2011-02-15T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-15T01:00:01.727", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}