Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html | Exploit |
http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf | US Government Resource |
http://www.kb.cert.org/vuls/id/114560 | US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2011-02-14 17:00
Updated : 2011-02-14 21:00
NVD link : CVE-2010-4730
Mitre link : CVE-2010-4730
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
intellicom
- netbiter_easyconnect_ec150
- netbiter_nb100
- netbiter_nb200
- netbiter_webscada_ws200
- netbiter_serial_ethernet_server_ss100
- netbiter_webscada_ws100
- netbiter_modbus_rtu-tcp_gateway_mb100