cvelistv5 - cve-2017-12729

CVE-2017-12729 (GCVE-0-2017-12729)

Vulnerability from cvelistv5 – Published: 2018-01-18 19:00 – Updated: 2024-08-05 18:43

Summary

Severity ?

No CVSS data available.

CWE

CWE-89

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Moxa SoftCMS Live Viewer	Affected: Moxa SoftCMS Live Viewer

GHSA-3QHW-5546-2W2P

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12729"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-18T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password.",
  "id": "GHSA-3qhw-5546-2w2p",
  "modified": "2022-05-13T01:37:44Z",
  "published": "2022-05-13T01:37:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12729"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201801-0962

Vulnerability from variot - Updated: 2023-12-18 13:24

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. Moxa SoftCMS Live Viewer is a set of data remote monitoring and debugging software developed by Moxa for industrial automation systems

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0962",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "softcms lab view",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": "softcms",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": "softcms live viewer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "0"
      },
      {
        "model": "softcms lab view",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "softcms lab view",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moxa:softcms_lab_view:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      }
    ]
  },
  "cve": "CVE-2017-12729",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12729",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-32444",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-103280",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-12729",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12729",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-32444",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-179",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-103280",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password. Moxa SoftCMS Live Viewer is a set of data remote monitoring and debugging software developed by Moxa for industrial automation systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12729",
        "trust": 3.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-243-05",
        "trust": 3.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "19328F7F-6B4F-4C90-AFB2-2A70E0CB7352",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "id": "VAR-201801-0962",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      }
    ],
    "trust": 1.6954545300000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:24:12.031000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SoftCMS",
        "trust": 0.8,
        "url": "https://www.moxa.com/product/softcms.htm"
      },
      {
        "title": "Moxa SoftCMS Live Viewer SQL Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/105233"
      },
      {
        "title": "Moxa SoftCMS Live Viewer SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74556"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-05"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12729"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12729"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "date": "2017-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "date": "2018-01-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "date": "2018-01-18T19:29:00.237000",
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "date": "2017-09-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-103280"
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012106"
      },
      {
        "date": "2019-10-09T23:23:12.793000",
        "db": "NVD",
        "id": "CVE-2017-12729"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa SoftCMS Live Viewer SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-32444"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "19328f7f-6b4f-4c90-afb2-2a70e0cb7352"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-179"
      }
    ],
    "trust": 0.8
  }
}

GSD-2017-12729

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12729

Aliases

CVE-2017-12729

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12729",
    "description": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password.",
    "id": "GSD-2017-12729"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12729"
      ],
      "details": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password.",
      "id": "GSD-2017-12729",
      "modified": "2023-12-13T01:21:04.012189Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-12729",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moxa SoftCMS Live Viewer",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Moxa SoftCMS Live Viewer"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-89"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moxa:softcms_lab_view:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-12729"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2018-01-18T19:29Z"
    }
  }
}

ICSA-17-243-05

Vulnerability from csaf_cisa - Published: 2017-08-31 00:00 - Updated: 2017-08-31 00:00

Summary

Moxa SoftCMS Live Viewer

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

AFFECTED PRODUCTS

Critical infrastructure sectors

Critical Manufacturing, Energy, Transportation Systems.

Countries/areas deployed

Worldwide

Company headquarters location

Taiwan

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ziqiang Gu"
        ],
        "organization": "Huawei WeiRan Labs",
        "summary": "identifying this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "AFFECTED PRODUCTS",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Transportation Systems.",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-243-05 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-243-05.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-243-05 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-243-05"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-243-05"
      }
    ],
    "title": "Moxa SoftCMS Live Viewer",
    "tracking": {
      "current_release_date": "2017-08-31T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-243-05",
      "initial_release_date": "2017-08-31T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-31T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-243-05 Moxa SoftCMS Live Viewer"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.6",
                "product": {
                  "name": "SoftCMS Live Viewer: Version 1.6 and prior versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SoftCMS Live Viewer"
          }
        ],
        "category": "vendor",
        "name": "Moxa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12729",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user \u0027s password.CVE-2017-12729has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12729"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Moxa has provided software update Version 1.7 for SoftCMS Live Viewer which fixes this vulnerability. Moxa recommends users update to the new version, which is available at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.moxa.com/support/download.aspx?type=support\u0026id=11362"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2017-12729

Vulnerability from fkie_nvd - Published: 2018-01-18 19:29 - Updated: 2024-11-21 03:10

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05	Mitigation, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	moxa	softcms_lab_view	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moxa:softcms_lab_view:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD892AF4-0CA2-49FA-8E36-AF25E2504604",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user\u0027s password."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema de inyecci\u00f3n SQL en Moxa SoftCMS Live Viewer hasta la versi\u00f3n 1.6. Se ha identificado una vulnerabilidad de neutralizaci\u00f3n indebida de elementos especiales usada en un comando SQL (\"inyecci\u00f3n SQL\"). Los atacantes pueden explotar esta vulnerabilidad para acceder a SoftCMS sin conocer la contrase\u00f1a de usuario."
    }
  ],
  "id": "CVE-2017-12729",
  "lastModified": "2024-11-21T03:10:06.533",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-18T19:29:00.237",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-32444

Vulnerability from cnvd - Published: 2017-11-02

Title

Moxa SoftCMS Live Viewer SQL注入漏洞

Description

Moxa SoftCMS Live Viewer是摩莎（Moxa）公司开发的一套用于工业自动化系统的数据远程监控调试软件。 Moxa SoftCMS Live Viewer 1.6及之前的版本中存在SQL注入漏洞。远程攻击者可利用该漏洞访问SoftCMS Live Viewer。

Severity

高

Patch Name

Moxa SoftCMS Live Viewer SQL注入漏洞的补丁

Patch Description

Moxa SoftCMS Live Viewer是摩莎（Moxa）公司开发的一套用于工业自动化系统的数据远程监控调试软件。 Moxa SoftCMS Live Viewer 1.6及之前的版本中存在SQL注入漏洞。远程攻击者可利用该漏洞访问SoftCMS Live Viewer。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.moxa.com/support/download.aspx?type=support&id;=11362

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05

Impacted products

Name
Moxa SoftCMS Live Viewer 0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12729"
    }
  },
  "description": "Moxa SoftCMS Live Viewer\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u7684\u6570\u636e\u8fdc\u7a0b\u76d1\u63a7\u8c03\u8bd5\u8f6f\u4ef6\u3002\r\n\r\nMoxa SoftCMS Live Viewer 1.6\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95eeSoftCMS Live Viewer\u3002",
  "discovererName": "Critical Manufacturing, Energy, Transportation Systems",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.moxa.com/support/download.aspx?type=support\u0026id;=11362",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32444",
  "openTime": "2017-11-02",
  "patchDescription": "Moxa SoftCMS Live Viewer\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u7528\u4e8e\u5de5\u4e1a\u81ea\u52a8\u5316\u7cfb\u7edf\u7684\u6570\u636e\u8fdc\u7a0b\u76d1\u63a7\u8c03\u8bd5\u8f6f\u4ef6\u3002\r\n\r\nMoxa SoftCMS Live Viewer 1.6\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95eeSoftCMS Live Viewer\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moxa SoftCMS Live Viewer SQL\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Moxa SoftCMS Live Viewer 0"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05",
  "serverity": "\u9ad8",
  "submitTime": "2017-09-08",
  "title": "Moxa SoftCMS Live Viewer SQL\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12729 (GCVE-0-2017-12729)

GHSA-3QHW-5546-2W2P

VAR-201801-0962

GSD-2017-12729

ICSA-17-243-05

FKIE_CVE-2017-12729

CNVD-2017-32444

Tags

Sightings

Nomenclature