製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の IntelliCom 製品の cgi-bin/read.cgi における任意のコードを実行される脆弱性

Title	複数の IntelliCom 製品の cgi-bin/read.cgi における任意のコードを実行される脆弱性
Summary	IntelliCom NetBiter NB100 and NB200 プラットフォーム上で稼働する、複数の IntelliCom 製品の cgi-bin/read.cgi には、任意のコードを実行される脆弱性が存在します。本脆弱性は、CVE-2009-4463 とは異なる脆弱性です。
Possible impacts	リモート認証されたユーザは、config.html の 2.conf アクションを使用し、ロゴページの GIF イメージファイルを当該コードを含むファイルに置き換える事により、任意のコードを実行される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 15, 2011, midnight
Registration Date	June 6, 2011, 2:44 p.m.
Last Update	June 6, 2011, 2:44 p.m.

Affected System

IntelliCom Innovation AB

Netbiter Easy Connect EC150

Netbiter Modbus RTU - TCP Gateway MB100

Netbiter Serial Ethernet Server SS100

Netbiter webSCADA WS100

Netbiter webSCADA WS200

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-4732	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4732
National Vulnerability Database (NVD)
2	CVE-2010-4732	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4732

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
IntelliCom
1	Top Page	http://support.intellicom.se

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-10-316-01A	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf
JVN
2	JVNVU#114560	http://jvn.jp/cert/JVNVU114560
US-CERT Vulnerability Note
3	VU#114560	http://www.kb.cert.org/vuls/id/114560

Change Log

No	Changed Details	Date of change
0	[2011年06月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-4732

Summary	cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.
Publication Date	Feb. 15, 2011, 10 a.m.
Registration Date	Jan. 29, 2021, 11:09 a.m.
Last Update	Nov. 21, 2024, 10:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::
cpe:2.3:h:intellicom:netbiter_nb100::::::::
cpe:2.3:h:intellicom:netbiter_nb200::::::::

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Exploit
2	http://www.kb.cert.org/vuls/id/114560	US Government Resource
3	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf	US Government Resource
4	http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html	Exploit
5	http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf	US Government Resource
6	http://www.kb.cert.org/vuls/id/114560	US Government Resource

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::
cpe:2.3:h:intellicom:netbiter_nb100::::::::
cpe:2.3:h:intellicom:netbiter_nb200::::::::