mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
73 lines
2.4 KiB
JSON
73 lines
2.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
|
"DATE_PUBLIC": "2017-03-23T00:00:00",
|
|
"ID": "CVE-2017-6020",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "LAquis SCADA software",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "versions prior to version 4.1.0.3237"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "LCDS - Le\u00c3\u00a3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Path traversal CWE-22"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "42885",
|
|
"refsource": "EXPLOIT-DB",
|
|
"url": "https://www.exploit-db.com/exploits/42885/"
|
|
},
|
|
{
|
|
"name": "97055",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/97055"
|
|
},
|
|
{
|
|
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01",
|
|
"refsource": "MISC",
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01"
|
|
}
|
|
]
|
|
}
|
|
} |