CNVD-2017-24367

Vulnerability from cnvd - Published: 2017-09-01
VLAI Severity ?
Title
OPW Fuel Management Systems SiteSentinel Integra和SiteSentinel iSite权限提升漏洞
Description
SiteSentinel Integra 100、SiteSentinel Integra 500和SiteSentinel iSite ATG都是为OPW燃料管理系统提供油罐监控功能的产品。 OPW Fuel Management Systems SiteSentinel Integra和SiteSentinel iSite存在权限提升漏洞,攻击者可通过创建一个应用程序的用户帐户利用漏洞获取管理权限。
Severity
Patch Name
OPW Fuel Management Systems SiteSentinel Integra和SiteSentinel iSite权限提升漏洞的补丁
Patch Description
SiteSentinel Integra 100、SiteSentinel Integra 500和SiteSentinel iSite ATG都是为OPW燃料管理系统提供油罐监控功能的产品。 OPW Fuel Management Systems SiteSentinel Integra和SiteSentinel iSite存在权限提升漏洞,攻击者可通过创建一个应用程序的用户帐户利用漏洞获取管理权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14

Reference
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04
Impacted products
Name
['OPW Fuel Management Systems SiteSentinel iSite ATG <V175', 'OPW Fuel Management Systems SiteSentinel iSite ATG V175-V189', 'OPW Fuel Management Systems SiteSentinel iSite ATG V191-V195', 'OPW Fuel Management Systems SiteSentinel iSite ATG V16Q3.1', 'OPW Fuel Management Systems SiteSentinel Integra 100 <V175', 'OPW Fuel Management Systems SiteSentinel Integra 100 V175-V189', 'OPW Fuel Management Systems SiteSentinel Integra 100 V191-V195', 'OPW Fuel Management Systems SiteSentinel Integra 100 V16Q3.1', 'OPW Fuel Management Systems SiteSentinel Integra 500 <V175', 'OPW Fuel Management Systems SiteSentinel Integra 500 V175-V189', 'OPW Fuel Management Systems SiteSentinel Integra 500 V191-V195', 'OPW Fuel Management Systems SiteSentinel Integra 500 V16Q3.1']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12733"
    }
  },
  "description": "SiteSentinel Integra 100\u3001SiteSentinel Integra 500\u548cSiteSentinel iSite ATG\u90fd\u662f\u4e3aOPW\u71c3\u6599\u7ba1\u7406\u7cfb\u7edf\u63d0\u4f9b\u6cb9\u7f50\u76d1\u63a7\u529f\u80fd\u7684\u4ea7\u54c1\u3002\r\n\r\nOPW Fuel Management Systems SiteSentinel Integra\u548cSiteSentinel iSite\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u5e10\u6237\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u6743\u9650\u3002",
  "discovererName": "Semen Rozhkov of Kaspersky Lab",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-24367",
  "openTime": "2017-09-01",
  "patchDescription": "SiteSentinel Integra 100\u3001SiteSentinel Integra 500\u548cSiteSentinel iSite ATG\u90fd\u662f\u4e3aOPW\u71c3\u6599\u7ba1\u7406\u7cfb\u7edf\u63d0\u4f9b\u6cb9\u7f50\u76d1\u63a7\u529f\u80fd\u7684\u4ea7\u54c1\u3002\r\n\r\nOPW Fuel Management Systems SiteSentinel Integra\u548cSiteSentinel iSite\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u521b\u5efa\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u7684\u7528\u6237\u5e10\u6237\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u7ba1\u7406\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "OPW Fuel Management Systems SiteSentinel Integra\u548cSiteSentinel iSite\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OPW Fuel Management Systems SiteSentinel iSite ATG \u003cV175",
      "OPW Fuel Management Systems SiteSentinel iSite ATG V175-V189",
      "OPW Fuel Management Systems SiteSentinel iSite ATG V191-V195",
      "OPW Fuel Management Systems SiteSentinel iSite ATG V16Q3.1",
      "OPW Fuel Management Systems SiteSentinel Integra 100 \u003cV175",
      "OPW Fuel Management Systems SiteSentinel Integra 100 V175-V189",
      "OPW Fuel Management Systems SiteSentinel Integra 100 V191-V195",
      "OPW Fuel Management Systems SiteSentinel Integra 100 V16Q3.1",
      "OPW Fuel Management Systems SiteSentinel Integra 500 \u003cV175",
      "OPW Fuel Management Systems SiteSentinel Integra 500 V175-V189",
      "OPW Fuel Management Systems SiteSentinel Integra 500 V191-V195",
      "OPW Fuel Management Systems SiteSentinel Integra 500 V16Q3.1"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-01",
  "title": "OPW Fuel Management Systems SiteSentinel Integra\u548cSiteSentinel iSite\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.