cvelistv5 - CVE-2017-16714

CVE-2017-16714 (GCVE-0-2017-16714)

Vulnerability from cvelistv5 – Published: 2018-09-06 19:00 – Updated: 2024-09-17 01:51

Summary

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

Severity ?

No CVSS data available.

CWE

CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256

Assigner

icscert

References

URL

	Vendor	Product	Version
	Ice Qube	Thermal Management Center	Affected: All versions prior to version 4.13

CNVD-2018-18113

Vulnerability from cnvd - Published: 2018-09-10

Title

Ice Qube Thermal Management Center信息泄露漏洞

Description

Ice Qube Thermal Management Center是美国Ice Qube公司的一款热管理应用程序。该程序包括电子邮件通知、远程管理、液晶显示和温度报警等功能。 Ice Qube Thermal Management Center 4.13之前版本中存在信息泄露漏洞，该漏洞源于程序将密码以明文的形式存储在无需身份验证便可访问的文件中。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Ice Qube Thermal Management Center信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.iceqube.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01

Impacted products

Name
Ice Qube Thermal Management Center <4.13

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-16714"
    }
  },
  "description": "Ice Qube Thermal Management Center\u662f\u7f8e\u56fdIce Qube\u516c\u53f8\u7684\u4e00\u6b3e\u70ed\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u5305\u62ec\u7535\u5b50\u90ae\u4ef6\u901a\u77e5\u3001\u8fdc\u7a0b\u7ba1\u7406\u3001\u6db2\u6676\u663e\u793a\u548c\u6e29\u5ea6\u62a5\u8b66\u7b49\u529f\u80fd\u3002\r\n\r\nIce Qube Thermal Management Center 4.13\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u5b58\u50a8\u5728\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u4fbf\u53ef\u8bbf\u95ee\u7684\u6587\u4ef6\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Maxim Rupp",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.iceqube.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-18113",
  "openTime": "2018-09-10",
  "patchDescription": "Ice Qube Thermal Management Center\u662f\u7f8e\u56fdIce Qube\u516c\u53f8\u7684\u4e00\u6b3e\u70ed\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u5305\u62ec\u7535\u5b50\u90ae\u4ef6\u901a\u77e5\u3001\u8fdc\u7a0b\u7ba1\u7406\u3001\u6db2\u6676\u663e\u793a\u548c\u6e29\u5ea6\u62a5\u8b66\u7b49\u529f\u80fd\u3002\r\n\r\nIce Qube Thermal Management Center 4.13\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u5b58\u50a8\u5728\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u4fbf\u53ef\u8bbf\u95ee\u7684\u6587\u4ef6\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ice Qube Thermal Management Center\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Ice Qube Thermal Management Center \u003c4.13"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-10",
  "title": "Ice Qube Thermal Management Center\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201809-0032

Vulnerability from variot - Updated: 2023-12-18 13:08

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Ice Qube Thermal Management Center Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Ice Qube Thermal Management Center is a thermal management application from Ice Qube, USA. The program includes email notifications, remote management, LCD display and temperature alarms. An attacker could exploit this vulnerability to obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0032",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thermal management center",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "iceqube",
        "version": "4.13"
      },
      {
        "model": "thermal management center",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ice qube",
        "version": "4.13"
      },
      {
        "model": "qube thermal management center",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "ice",
        "version": "4.13"
      },
      {
        "model": "qube thermal management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ice",
        "version": "0"
      },
      {
        "model": "qube thermal management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ice",
        "version": "4.13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "thermal management center",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "BID",
        "id": "105303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.13",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maxim Rupp",
    "sources": [
      {
        "db": "BID",
        "id": "105303"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-16714",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-16714",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-18113",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "e2f92381-39ab-11e9-89b7-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-16714",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-16714",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-18113",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-308",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2f92381-39ab-11e9-89b7-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Ice Qube Thermal Management Center Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Ice Qube Thermal Management Center is a thermal management application from Ice Qube, USA. The program includes email notifications, remote management, LCD display and temperature alarms. An attacker could exploit this vulnerability to obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "BID",
        "id": "105303"
      },
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-16714",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-249-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105303",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2F92381-39AB-11E9-89B7-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "BID",
        "id": "105303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "id": "VAR-201809-0032",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      }
    ],
    "trust": 1.6333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:22.037000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Thermal Management",
        "trust": 0.8,
        "url": "https://www.iceqube.com/options-accessories/thermal-management/"
      },
      {
        "title": "Ice Qube Thermal Management Center Information Disclosure Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/139771"
      },
      {
        "title": "Ice Qube Thermal Management Center Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84629"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-249-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/105303"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16714"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16714"
      },
      {
        "trust": 0.3,
        "url": "https://www.iceqube.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "BID",
        "id": "105303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "db": "BID",
        "id": "105303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-10T00:00:00",
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "date": "2018-09-06T00:00:00",
        "db": "BID",
        "id": "105303"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "date": "2018-09-06T19:29:00.377000",
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "date": "2018-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      },
      {
        "date": "2018-09-06T00:00:00",
        "db": "BID",
        "id": "105303"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014266"
      },
      {
        "date": "2019-10-09T23:25:13.643000",
        "db": "NVD",
        "id": "CVE-2017-16714"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ice Qube Thermal Management Center Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2f92381-39ab-11e9-89b7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18113"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-308"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-16714

Vulnerability from fkie_nvd - Published: 2018-09-06 19:29 - Updated: 2024-11-21 03:16

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/105303	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105303	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	iceqube	thermal_management_center_firmware	*
	iceqube	thermal_management_center	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C1BBB5-8DE9-4092-A744-1DFD8F2FB1DA",
              "versionEndExcluding": "4.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A23450-45E8-4184-B7C0-8E39924E1B38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
    },
    {
      "lang": "es",
      "value": "En versiones anteriores a la 4.13 de Ice Qube Thermal Management Center, las contrase\u00f1as se almacenan en texto plano en un archivo accesible sin autenticaci\u00f3n."
    }
  ],
  "id": "CVE-2017-16714",
  "lastModified": "2024-11-21T03:16:50.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-09-06T19:29:00.377",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105303"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-256"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-16714

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

Aliases

CVE-2017-16714

Aliases

CVE-2017-16714

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-16714",
    "description": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.",
    "id": "GSD-2017-16714"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-16714"
      ],
      "details": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.",
      "id": "GSD-2017-16714",
      "modified": "2023-12-13T01:21:00.461824Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-09-06T00:00:00",
        "ID": "CVE-2017-16714",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Thermal Management Center",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions prior to version 4.13"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Ice Qube"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
          },
          {
            "name": "105303",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105303"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.13",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-16714"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
            },
            {
              "name": "105303",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105303"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:25Z",
      "publishedDate": "2018-09-06T19:29Z"
    }
  }
}

GHSA-35C8-928H-RVFQ

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-16714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-06T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.",
  "id": "GHSA-35c8-928h-rvfq",
  "modified": "2022-05-13T01:37:22Z",
  "published": "2022-05-13T01:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16714"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105303"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

ICSA-18-249-01

Vulnerability from csaf_cisa - Published: 2018-09-06 00:00 - Updated: 2018-09-06 00:00

Summary

Ice Qube Thermal Management Center

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to configuration files or obtain sensitive information.

Critical infrastructure sectors

Commercial Facilities, Critical Manufacturing, Energy, Water

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Maxim Rupp"
        ],
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to configuration files or obtain sensitive information.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Critical Manufacturing, Energy, Water",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-249-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-249-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-249-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-249-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Ice Qube Thermal Management Center",
    "tracking": {
      "current_release_date": "2018-09-06T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-249-01",
      "initial_release_date": "2018-09-06T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-09-06T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-249-01 Ice Qube Thermal Management Center "
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.13",
                "product": {
                  "name": "Thermal Management Center: all versions prior to 4.13",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Thermal Management Center"
          }
        ],
        "category": "vendor",
        "name": "Ice Qube"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-14026",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web application does not properly authenticate users, which may allow an attacker to gain access to sensitive information.CVE-2017-14026 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14026"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Ice Qube recommends that users of affected versions upgrade to the latest version of Thermal Management Center v4.13 or newer, which can be obtained by contacting Technical Support at the following email: service@iceqube.com or by calling Technical Support at: 724-837-7600.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "mailto:service@iceqube.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-16714",
      "cwe": {
        "id": "CWE-256",
        "name": "Plaintext Storage of a Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Passwords are stored in plaintext in a file that is accessible without authentication.CVE-2017-16714 has been assigned to this vulnerability. A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16714"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Ice Qube recommends that users of affected versions upgrade to the latest version of Thermal Management Center v4.13 or newer, which can be obtained by contacting Technical Support at the following email: service@iceqube.com or by calling Technical Support at: 724-837-7600.",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "mailto:service@iceqube.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-16714 (GCVE-0-2017-16714)

CNVD-2018-18113

VAR-201809-0032

FKIE_CVE-2017-16714

GSD-2017-16714

GHSA-35C8-928H-RVFQ

ICSA-18-249-01

Tags

Sightings

Nomenclature