{"vuid":"VU#757804","idnumber":"757804","name":"Cisco Network Building Mediator products contain multiple vulnerabilities","keywords":["cisco-sa-20100526-mediator","configTOOL","NBM","scada"],"overview":"Cisco Network Building Mediator (NBM) products are affected by multiple vulnerabilities that could allow an attacker to gain control of a vulnerable device or to cause a denial of service.","clean_desc":"Cisco Network Building Mediator (NBM) products are designed to manage facility energy use. NBM products support automation protocols such as BACnet and Modbus; IT network protocols such as IP, SNMP, SSH, and HTTP/S; and application protocols like XML-RPC and SOAP. NBM products are affected by multiple vulnerabilities, including default administrative credentials, privilege escalation, plaintext transmission of credentials, and unauthenticated access to a file containing credentials. An attacker can exploit these vulnerabilities using several attack vectors over SSH, HTTP/S, and XML-RPC. Cisco Security Advisory cisco-sa-20100526-mediator notes: \"These vulnerabilities affect the legacy Richards-Zeta Mediator 2500 product and Cisco Network Building Mediator NBM-2400 and NBM-4800 models. All Mediator Framework software releases prior to 3.1.1 are affected by all vulnerabilities listed in this security advisory.\" See also ICS-CERT Advisory ICSA-10-147-01.","impact":"These vulnerabilities could allow an unauthenticated, remote attacker to gain complete control over the mediator. An authorized user could gain administrative privileges, and a remote attacker could cause a denial of service.","resolution":"As reported in cisco-sa-20100526-mediator, the first fixed releases are 1.5.1.build.14-eng, 2.2.1.dev.1 and 3.0.9.release.1.","workarounds":"Cisco Security Advisory cisco-sa-20100526-mediator and the associated Applied Mitigation Bulletin provide detailed information about workarounds and mitigation techniques, including changing default passwords, disabling unencrypted services, restricting access, and detecting possible attacks.","sysaffected":"","thanks":"Information from Secunia and Cisco was used in this document.","author":"This document was written by Art Manion.","public":["http://secunia.com/advisories/39904/","http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c518.shtml","http://www.cisco.com/warp/public/707/cisco-amb-20100526-mediator.shtml","http://www.us-cert.gov/control_systems/pdf/ICSA-10-147-01_Cisco_Network_Building_Mediator.pdf"],"cveids":["CVE-2010-0595","CVE-2010-0596","CVE-2010-0597","CVE-2010-0598","CVE-2010-0599","CVE-2010-0600"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-05-27T17:41:37Z","publicdate":"2010-05-26T00:00:00Z","datefirstpublished":"2010-06-03T02:37:41Z","dateupdated":"2010-07-12T21:30:32Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"4","cam_impact":"18","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"2.835","cam_scorecurrentwidelyknown":"3.78","cam_scorecurrentwidelyknownexploited":"7.56","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.835,"vulnote":null}