CVE-2010-4730 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intellicom	Netbiter Easyconnect Ec150 Netbiter Modbus Rtu-tcp Gateway Mb100 Netbiter Nb100 Netbiter Nb200 Netbiter Serial Ethernet Server Ss100 Netbiter Webscada Ws100 Netbiter Webscada Ws200

Configuration 1 [-]

AND

OR	cpe:2.3:h:intellicom:netbiter_easyconnect_ec150::::::::
	cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100::::::::
	cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100::::::::
	cpe:2.3:h:intellicom:netbiter_webscada_ws100::::::::
	cpe:2.3:h:intellicom:netbiter_webscada_ws200::::::::

OR	cpe:2.3:h:intellicom:netbiter_nb100::::::::
	cpe:2.3:h:intellicom:netbiter_nb200::::::::

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html
http://www.kb.cert.org/vuls/id/114560
http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2011-02-14T23:00:00Z

Updated: 2024-09-16T17:08:09.619Z

Reserved: 2011-02-14T00:00:00Z

Link: CVE-2010-4730

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-02-15T01:00:01.477

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-4730

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-02-14T23:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#114560", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#114560", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/114560"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:55:35.056Z"}, "title": "CVE Program Container", "references": [{"name": "VU#114560", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"name": "20101001 [STANKOINFORMZASCHITA-10-01] Netbiter, webSCADA multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4730", "datePublished": "2011-02-14T23:00:00Z", "dateReserved": "2011-02-14T00:00:00Z", "dateUpdated": "2024-09-16T17:08:09.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:intellicom:netbiter_easyconnect_ec150:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC537D95-3DCD-4FD8-9CCE-61F70A818F4C", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_modbus_rtu-tcp_gateway_mb100:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DBABB5F-235A-427D-B13E-7DCBFE7A4337", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_serial_ethernet_server_ss100:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFD64BF7-5945-4CDE-84E3-D872081CB42F", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws100:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCD25C93-C0EE-4EFD-8066-53CE3840BF1B", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_webscada_ws200:*:*:*:*:*:*:*:*", "matchCriteriaId": "01FE6CE4-81D4-47B9-A859-92E267712B49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:intellicom:netbiter_nb100:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD774110-E3E9-4A65-9B8D-5A62B0AEB410", "vulnerable": true}, {"criteria": "cpe:2.3:h:intellicom:netbiter_nb200:*:*:*:*:*:*:*:*", "matchCriteriaId": "769218F4-5A0A-42E6-8DB4-F133AF5741E8", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the page parameter, a different vulnerability than CVE-2009-4463."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio absoluto en cgi-bin/read.cgi en WebSCADA WS100 y WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, y Serial Ethernet Server SS100 en el IntelliCom NetBiter NB100 y plataformas NB200 permite a administradores autenticados de forma remota leer archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro de la p\u00e1gina, una vulnerabilidad diferente que CVE-2009-4463."}], "id": "CVE-2010-4730", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-15T01:00:01.477", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/114560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-10-316-01A.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}