CVE-2009-0214

Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/33837
http://www.kb.cert.org/vuls/id/337569	US Government Resource
http://www.scada-security.com/vulnerabilities/areva1.html	URL Repurposed
http://www.securityfocus.com/archive/1/500689/100/0/threaded
http://www.securityfocus.com/bid/33637

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:areva:e-terrahabitat::::::::
	cpe:2.3:a:areva:e-terrahabitat:5.5:::::::*
	cpe:2.3:a:areva:e-terrahabitat:5.6:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://www.scada-security.com/vulnerabilities/areva1.html -~~	() http://www.scada-security.com/vulnerabilities/areva1.html - URL Repurposed

Information

Published : 2009-02-08 22:30

Updated : 2024-02-14 01:17

NVD link : CVE-2009-0214

Mitre link : CVE-2009-0214

CVE.ORG link : CVE-2009-0214

JSON object : View

Products Affected

areva

e-terrahabitat

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-0214", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-08T22:30:00.343", "references": [{"url": "http://secunia.com/advisories/33837", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/337569", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.scada-security.com/vulnerabilities/areva1.html", "tags": ["URL Repurposed"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/500689/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/33637", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the WebFGServer application in AREVA e-terrahabitat 5.7 and earlier allows remote authenticated users to gain privileges via unknown vectors, aka PD32022."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en la aplicaci\u00f3n WebFGServer en AREVA e-terrahabitat v5.7 y anteriores, permite a usuarios autenticados remotamente obtener privilegios a trav\u00e9s de vectores no especificados. Tambi\u00e9n conocidos como PD32022."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:areva:e-terrahabitat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81433ED5-61A7-406A-BCEA-C0FB80B4B374", "versionEndIncluding": "5.7"}, {"criteria": "cpe:2.3:a:areva:e-terrahabitat:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C5CBA7-E0D6-4C2B-AD9F-16707B084C31"}, {"criteria": "cpe:2.3:a:areva:e-terrahabitat:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00DA6AF7-707F-476F-B204-B6BD870762D0"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org", "evaluatorSolution": "Per http://www.kb.cert.org/vuls/id/337569 \r\n\r\n\"III. Solution \r\n\r\nApply Patch Users of e-terrahabitat version 5.5, 5.6, and 5.7 should apply the e-terrahabitat_560_P20081030_SEC patch immediately.\""}