cvelistv5 - cve-2017-12709

CVE-2017-12709 (GCVE-0-2017-12709)

Vulnerability from cvelistv5 – Published: 2017-08-25 16:00 – Updated: 2024-08-05 18:43

Summary

Severity ?

No CVSS data available.

CWE

CWE-798

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455	Affected: Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455

FKIE_CVE-2017-12709

Vulnerability from fkie_nvd - Published: 2017-08-25 16:29 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/100470	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100470	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
westermo	mrd-305-din_firmware	-
westermo	mrd-305-din	-
westermo	mrd-315-din_firmware	-
westermo	mrd-315-din	-
westermo	mrd-355-din_firmware	-
westermo	mrd-355-din	-
westermo	mrd-455-din_firmware	-
westermo	mrd-455-din	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D52093-D913-47EA-80F1-927355BB543F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9962B99-63CF-489E-95B4-A26F851F64E6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BB09CA-7887-4422-BB7F-2B6FEFDD81A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E32165-E272-4ADD-B14F-585950E25A7C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED01C8B2-2A75-4420-8156-F7B53C50E269",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5305D4F0-10A0-4B6A-97B2-C49EE527088E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7777DED-BF73-4512-813E-2F858D787DB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B043DE84-41F2-4AE2-8254-275FDED1ED77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de uso de credenciales codificadas de forma r\u00edgida en MRD-305-DIN en versiones anteriores a la 1.7.5.0, y MRD-315, MRD-355, MRD-455 en versiones anteriores a la 1.7.5.0. El dispositivo emplea credenciales codificadas de forma r\u00edgida, lo que podr\u00eda permitir el acceso local sin autorizaci\u00f3n y con pocos privilegios al dispositivo."
    }
  ],
  "id": "CVE-2017-12709",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-25T16:29:00.270",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100470"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GC73-922G-765G

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-25T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.",
  "id": "GHSA-gc73-922g-765g",
  "modified": "2022-05-13T01:37:46Z",
  "published": "2022-05-13T01:37:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12709"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100470"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-23003

Vulnerability from cnvd - Published: 2017-08-26

Title

多款Westermo路由器硬编码未授权访问漏洞

Description

RD-305-DIN、MRD-315、MRD-355、MRD-455都是Westermo的路由器设备。多款Westermo路由器存在硬编码未授权访问漏洞，该设备使用硬编码凭据，允许本地攻击者利用漏洞未授权访问设备。

Severity

中

Patch Name

多款Westermo路由器硬编码未授权访问漏洞的补丁

Patch Description

RD-305-DIN、MRD-315、MRD-355、MRD-455都是Westermo的路由器设备。多款Westermo路由器存在硬编码未授权访问漏洞，该设备使用硬编码凭据，允许本地攻击者利用漏洞未授权访问设备。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁已修复这个安全问题，请到厂商的主页下载： http://www.westermo.com

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01 http://www.securityfocus.com/bid/100470

Impacted products

Name
['Westermo MRD-305-DIN <1.7.5.0', 'Westermo MRD-315 <1.7.5.0', 'Westermo MRD-355 <1.7.5.0', 'Westermo MRD-455 <1.7.5.0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100470"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12709"
    }
  },
  "description": "RD-305-DIN\u3001MRD-315\u3001MRD-355\u3001MRD-455\u90fd\u662fWestermo\u7684\u8def\u7531\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eWestermo\u8def\u7531\u5668\u5b58\u5728\u786c\u7f16\u7801\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u8bbe\u5907\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u8bbe\u5907\u3002",
  "discovererName": "Mandar Jadhav from Qualys Security",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u5df2\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.westermo.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-23003",
  "openTime": "2017-08-26",
  "patchDescription": "RD-305-DIN\u3001MRD-315\u3001MRD-355\u3001MRD-455\u90fd\u662fWestermo\u7684\u8def\u7531\u5668\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eWestermo\u8def\u7531\u5668\u5b58\u5728\u786c\u7f16\u7801\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u8be5\u8bbe\u5907\u4f7f\u7528\u786c\u7f16\u7801\u51ed\u636e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eWestermo\u8def\u7531\u5668\u786c\u7f16\u7801\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Westermo MRD-305-DIN \u003c1.7.5.0",
      "Westermo MRD-315 \u003c1.7.5.0",
      "Westermo MRD-355 \u003c1.7.5.0",
      "Westermo MRD-455 \u003c1.7.5.0"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01\r\nhttp://www.securityfocus.com/bid/100470",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-25",
  "title": "\u591a\u6b3eWestermo\u8def\u7531\u5668\u786c\u7f16\u7801\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

ICSA-17-236-01

Vulnerability from csaf_cisa - Published: 2017-08-24 00:00 - Updated: 2017-08-24 00:00

Summary

ICSA-17-236-01_Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Summary

Mandar Jadhav from Qualys Security has identified the vulnerabilities.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Mandar Jadhav"
        ],
        "organization": "Qualys Security",
        "summary": "identifying the vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "Mandar Jadhav from Qualys Security has identified the vulnerabilities.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-236-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-236-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-236-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-236-01"
      }
    ],
    "title": "ICSA-17-236-01_Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455",
    "tracking": {
      "current_release_date": "2017-08-24T00:00:00.000000Z",
      "generator": {
        "date": "2023-01-12T21:45:38.727Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "ICSA-17-236-01",
      "initial_release_date": "2017-08-24T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-24T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-236-01 Westermo ADSL-350, MRD-305-DIN, MRD-315, MRD-355, and MRD-455"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e 1.7.5.0",
                "product": {
                  "name": "MRD-305-DIN: versions older than 1.7.5.0",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "MRD-305-DIN"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e 1.7.5.0",
                "product": {
                  "name": "MRD-315 MRD-355 MRD-455: versions older than 1.7.5.0",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "MRD-315 MRD-355 MRD-455"
          }
        ],
        "category": "vendor",
        "name": "Westermo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12703",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.CVE-2017-12703 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Westermo recommends that users update to the latest firmware version 1.7.7.0. The new version can be downloaded at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/"
        },
        {
          "category": "mitigation",
          "details": "Westermo has also released a security advisory that can be found at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/solutions/cyber-security/resource-centre"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2017-12703"
    },
    {
      "cve": "CVE-2017-12709",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device utilizes hard-coded credentials, which could allow for unauthorized local low privileged access to the device.\n\nCVE-2017-12709 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Westermo recommends that users update to the latest firmware version 1.7.7.0. The new version can be downloaded at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/"
        },
        {
          "category": "mitigation",
          "details": "Westermo has also released a security advisory that can be found at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/solutions/cyber-security/resource-centre"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2017-12709"
    },
    {
      "cve": "CVE-2016-5816",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. CVE-2016-5816 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).",
          "title": "summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Westermo recommends that users update to the latest firmware version 1.7.7.0. The new version can be downloaded at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/"
        },
        {
          "category": "mitigation",
          "details": "Westermo has also released a security advisory that can be found at:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.westermo.com/solutions/cyber-security/resource-centre"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2016-5816"
    }
  ]
}

VAR-201708-1123

Vulnerability from variot - Updated: 2023-12-18 12:02

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. plural Westermo The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. Multiple Westermo Routers are prone to the following security vulnerabilities: 1. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. Westermo MRD-305-DIN etc. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1123",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mrd-315-din",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "westermo",
        "version": null
      },
      {
        "model": "mrd-455-din",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "westermo",
        "version": null
      },
      {
        "model": "mrd-355-din",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "westermo",
        "version": null
      },
      {
        "model": "mrd-305-din",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "westermo",
        "version": null
      },
      {
        "model": "mrd-305-din",
        "scope": "lt",
        "trust": 1.2,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-315",
        "scope": "lt",
        "trust": 1.2,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-355",
        "scope": "lt",
        "trust": 1.2,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-455",
        "scope": "lt",
        "trust": 1.2,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-305-din",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-315",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-355",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-455",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-455",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-355",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-315",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-305-din",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.5.0"
      },
      {
        "model": "mrd-455",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.7.0"
      },
      {
        "model": "mrd-355",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.7.0"
      },
      {
        "model": "mrd-315",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.7.0"
      },
      {
        "model": "mrd-305-din",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "westermo",
        "version": "1.7.7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "mrd 305 din",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "mrd 315 din",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "mrd 355 din",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "mrd 455 din",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mandar Jadhav from Qualys Security",
    "sources": [
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12709",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12709",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-23002",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2017-23003",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "b092bd69-deb6-4923-9672-099597dfec25",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-103258",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-12709",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12709",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-23002",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-23003",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1140",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "b092bd69-deb6-4923-9672-099597dfec25",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-103258",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. plural Westermo The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. Multiple Westermo Routers are prone to the following security vulnerabilities:\n1. A hard-coded credentials vulnerability\n2. A cross-site request forgery vulnerability\n3. Westermo MRD-305-DIN etc. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-17-236-01",
        "trust": 4.0
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "100470",
        "trust": 3.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "B092BD69-DEB6-4923-9672-099597DFEC25",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "id": "VAR-201708-1123",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      }
    ],
    "trust": 2.243055575
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 1.2
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:02:37.719000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Wireless routers",
        "trust": 0.8,
        "url": "http://www.westermo.us/web/web_en_idc_us.nsf/alldocuments/b84901de5cc4368dc12578930031f1bc"
      },
      {
        "title": "Patches for several Westermo router hardcoded password vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100885"
      },
      {
        "title": "Multiple Westermo routers hardcode patches for unauthorized access vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/100886"
      },
      {
        "title": "Multiple Westermo Repair measures for device security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74298"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-236-01"
      },
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/100470"
      },
      {
        "trust": 0.9,
        "url": "http://www.westermo.com/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12709"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12709"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "db": "BID",
        "id": "100470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-26T00:00:00",
        "db": "IVD",
        "id": "b092bd69-deb6-4923-9672-099597dfec25"
      },
      {
        "date": "2017-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "date": "2017-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "date": "2017-08-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "date": "2017-08-24T00:00:00",
        "db": "BID",
        "id": "100470"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "date": "2017-08-25T16:29:00.270000",
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "date": "2017-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23002"
      },
      {
        "date": "2017-08-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23003"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103258"
      },
      {
        "date": "2019-04-15T18:00:00",
        "db": "BID",
        "id": "100470"
      },
      {
        "date": "2017-09-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      },
      {
        "date": "2019-10-09T23:23:10.777000",
        "db": "NVD",
        "id": "CVE-2017-12709"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Westermo Vulnerabilities related to the use of hard-coded credentials in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-007382"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1140"
      }
    ],
    "trust": 0.6
  }
}

GSD-2017-12709

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12709

Aliases

CVE-2017-12709

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12709",
    "description": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.",
    "id": "GSD-2017-12709"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12709"
      ],
      "details": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.",
      "id": "GSD-2017-12709",
      "modified": "2023-12-13T01:21:03.578897Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-12709",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Westermo MRD-305-DIN, MRD-315, MRD-355, and MRD-455"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-798"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"
          },
          {
            "name": "100470",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100470"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-12709"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01"
            },
            {
              "name": "100470",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100470"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2017-08-25T16:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12709 (GCVE-0-2017-12709)

FKIE_CVE-2017-12709

GHSA-GC73-922G-765G

CNVD-2017-23003

ICSA-17-236-01

VAR-201708-1123

GSD-2017-12709

Tags

Sightings

Nomenclature