A vulnerability, which was classified as critical, has been found in IntelliCom Netbiter Serial Ethernet Server Ss100 (unknown version). This issue affects an unknown code block. The manipulation with an unknown input leads to a code injection vulnerability. Using CWE to declare the problem leads to CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page s GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463.

The weakness was published 02/14/2011 (Website). It is possible to read the advisory at us-cert.gov. The identification of this vulnerability is CVE-2010-4732 since 02/14/2011. The exploitation is known to be easy. The attack may be initiated remotely. The requirement for exploitation is a simple authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1059 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entries are available at 56496, 56494 and 56493.

Productinfo

Vendor

• IntelliCom

Name

• Netbiter Serial Ethernet Server Ss100

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion