Search criteria
6 vulnerabilities found for Thermal Management Center by Ice Qube
VAR-201809-0032
Vulnerability from variot - Updated: 2023-12-18 13:08In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Ice Qube Thermal Management Center Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Ice Qube Thermal Management Center is a thermal management application from Ice Qube, USA. The program includes email notifications, remote management, LCD display and temperature alarms. An attacker could exploit this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thermal management center",
"scope": "lt",
"trust": 1.0,
"vendor": "iceqube",
"version": "4.13"
},
{
"model": "thermal management center",
"scope": "lt",
"trust": 0.8,
"vendor": "ice qube",
"version": "4.13"
},
{
"model": "qube thermal management center",
"scope": "lt",
"trust": 0.6,
"vendor": "ice",
"version": "4.13"
},
{
"model": "qube thermal management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ice",
"version": "0"
},
{
"model": "qube thermal management center",
"scope": "ne",
"trust": 0.3,
"vendor": "ice",
"version": "4.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "thermal management center",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "105303"
}
],
"trust": 0.3
},
"cve": "CVE-2017-16714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-16714",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-16714",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-16714",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18113",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-308",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Ice Qube Thermal Management Center Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Ice Qube Thermal Management Center is a thermal management application from Ice Qube, USA. The program includes email notifications, remote management, LCD display and temperature alarms. An attacker could exploit this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16714",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-249-01",
"trust": 3.3
},
{
"db": "BID",
"id": "105303",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18113",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F92381-39AB-11E9-89B7-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"id": "VAR-201809-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
}
],
"trust": 1.6333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
}
]
},
"last_update_date": "2023-12-18T13:08:22.037000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Thermal Management",
"trust": 0.8,
"url": "https://www.iceqube.com/options-accessories/thermal-management/"
},
{
"title": "Ice Qube Thermal Management Center Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139771"
},
{
"title": "Ice Qube Thermal Management Center Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84629"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-249-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105303"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16714"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16714"
},
{
"trust": 0.3,
"url": "https://www.iceqube.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"date": "2018-09-06T00:00:00",
"db": "BID",
"id": "105303"
},
{
"date": "2018-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"date": "2018-09-06T19:29:00.377000",
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"date": "2018-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18113"
},
{
"date": "2018-09-06T00:00:00",
"db": "BID",
"id": "105303"
},
{
"date": "2018-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014266"
},
{
"date": "2019-10-09T23:25:13.643000",
"db": "NVD",
"id": "CVE-2017-16714"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ice Qube Thermal Management Center Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18113"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-308"
}
],
"trust": 0.6
}
}
VAR-201809-0055
Vulnerability from variot - Updated: 2023-12-18 13:08In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. Ice Qube Thermal Management Center Contains an authentication vulnerability.Information may be obtained. The program includes email notifications, remote management, LCD display and temperature alarms. Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thermal management center",
"scope": "lt",
"trust": 1.0,
"vendor": "iceqube",
"version": "4.13"
},
{
"model": "thermal management center",
"scope": "lt",
"trust": 0.8,
"vendor": "ice qube",
"version": "4.13"
},
{
"model": "qube thermal management center",
"scope": "lt",
"trust": 0.6,
"vendor": "ice",
"version": "4.13"
},
{
"model": "qube thermal management center",
"scope": "eq",
"trust": 0.3,
"vendor": "ice",
"version": "0"
},
{
"model": "qube thermal management center",
"scope": "ne",
"trust": 0.3,
"vendor": "ice",
"version": "4.13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "thermal management center",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14026"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "105303"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14026",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18145",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14026",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14026",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-18145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1249",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. Ice Qube Thermal Management Center Contains an authentication vulnerability.Information may be obtained. The program includes email notifications, remote management, LCD display and temperature alarms. \nAttackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14026",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-249-01",
"trust": 2.7
},
{
"db": "BID",
"id": "105303",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F971A2-39AB-11E9-9F8B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"id": "VAR-201809-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
}
],
"trust": 1.6333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
}
]
},
"last_update_date": "2023-12-18T13:08:22.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Thermal Management",
"trust": 0.8,
"url": "https://www.iceqube.com/options-accessories/thermal-management/"
},
{
"title": "Ice Qube Thermal Management Center authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/139787"
},
{
"title": "Ice Qube Thermal Management Center Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100012"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-249-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105303"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14026"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14026"
},
{
"trust": 0.3,
"url": "https://www.iceqube.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"db": "BID",
"id": "105303"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "IVD",
"id": "e2f971a2-39ab-11e9-9f8b-000c29342cb1"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"date": "2018-09-06T00:00:00",
"db": "BID",
"id": "105303"
},
{
"date": "2018-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"date": "2018-09-06T19:29:00.253000",
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18145"
},
{
"date": "2018-09-06T00:00:00",
"db": "BID",
"id": "105303"
},
{
"date": "2018-12-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014267"
},
{
"date": "2019-10-09T23:23:45.483000",
"db": "NVD",
"id": "CVE-2017-14026"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ice Qube Thermal Management Center Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1249"
}
],
"trust": 0.6
}
}
CVE-2017-16714 (GCVE-0-2017-16714)
Vulnerability from cvelistv5 – Published: 2018-09-06 19:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ice Qube | Thermal Management Center |
Affected:
All versions prior to version 4.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thermal Management Center",
"vendor": "Ice Qube",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-16714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thermal Management Center",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name": "Ice Qube"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16714",
"datePublished": "2018-09-06T19:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T01:51:12.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14026 (GCVE-0-2017-14026)
Vulnerability from cvelistv5 – Published: 2018-09-06 19:00 – Updated: 2024-09-16 23:55
VLAI?
Summary
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ice Qube | Thermal Management Center |
Affected:
All versions prior to version 4.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thermal Management Center",
"vendor": "Ice Qube",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-14026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thermal Management Center",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name": "Ice Qube"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14026",
"datePublished": "2018-09-06T19:00:00Z",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-09-16T23:55:57.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16714 (GCVE-0-2017-16714)
Vulnerability from nvd – Published: 2018-09-06 19:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
Severity ?
No CVSS data available.
CWE
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ice Qube | Thermal Management Center |
Affected:
All versions prior to version 4.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thermal Management Center",
"vendor": "Ice Qube",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-16714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thermal Management Center",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name": "Ice Qube"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-16714",
"datePublished": "2018-09-06T19:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T01:51:12.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14026 (GCVE-0-2017-14026)
Vulnerability from nvd – Published: 2018-09-06 19:00 – Updated: 2024-09-16 23:55
VLAI?
Summary
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
Severity ?
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ice Qube | Thermal Management Center |
Affected:
All versions prior to version 4.13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thermal Management Center",
"vendor": "Ice Qube",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13"
}
]
}
],
"datePublic": "2018-09-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105303"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-06T00:00:00",
"ID": "CVE-2017-14026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thermal Management Center",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13"
}
]
}
}
]
},
"vendor_name": "Ice Qube"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
},
{
"name": "105303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105303"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14026",
"datePublished": "2018-09-06T19:00:00Z",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-09-16T23:55:57.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}