cvelistv5 - cve-2017-5155

CVE-2017-5155 (GCVE-0-2017-5155)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-05 14:55

Summary

Severity ?

No CVSS data available.

CWE

Schneider Electric Wonderware Historian default passwords

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01	x_refsource_MISC
	http://www.securitytracker.com/id/1037808	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/95766	vdb-entryx_refsource_BID
	http://software.schneider-electric.com/pdf/securi…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier	Affected: Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.780Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
          },
          {
            "name": "1037808",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037808"
          },
          {
            "name": "95766",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95766"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Schneider Electric Wonderware Historian default passwords",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
        },
        {
          "name": "1037808",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037808"
        },
        {
          "name": "95766",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95766"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5155",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Schneider Electric Wonderware Historian default passwords"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
            },
            {
              "name": "1037808",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037808"
            },
            {
              "name": "95766",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95766"
            },
            {
              "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/",
              "refsource": "CONFIRM",
              "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-5155",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2017-01-03T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E563B308-C7FF-428B-A6E8-4528FD27E8B7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.\"}, {\"lang\": \"es\", \"value\": \"Ha sido descubierto un problema en Schneider Electric Wonderware Historian 2014 R2 SP1 P01 y versiones anteriores. Wonderware Historian crea inicios de sesi\\u00f3n con contrase\\u00f1as predeterminadas, lo que puede permitir que una entidad maliciosa comprometer las bases de datos de Historian. En algunos escenarios de instalaci\\u00f3n, los recursos adem\\u00e1s de los creados por Wonderware Historian tambi\\u00e9n pueden verse comprometidos.\"}]",
      "id": "CVE-2017-5155",
      "lastModified": "2024-11-21T03:27:09.980",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-13T21:59:02.737",
      "references": "[{\"url\": \"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95766\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037808\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95766\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1188\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-5155\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:02.737\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.\"},{\"lang\":\"es\",\"value\":\"Ha sido descubierto un problema en Schneider Electric Wonderware Historian 2014 R2 SP1 P01 y versiones anteriores. Wonderware Historian crea inicios de sesi\u00f3n con contrase\u00f1as predeterminadas, lo que puede permitir que una entidad maliciosa comprometer las bases de datos de Historian. En algunos escenarios de instalaci\u00f3n, los recursos adem\u00e1s de los creados por Wonderware Historian tambi\u00e9n pueden verse comprometidos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E563B308-C7FF-428B-A6E8-4528FD27E8B7\"}]}]}],\"references\":[{\"url\":\"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95766\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037808\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

ICSA-17-024-01

Vulnerability from csaf_cisa - Published: 2017-01-24 00:00 - Updated: 2017-01-24 00:00

Summary

Schneider Electric Wonderware Historian

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/Low skill level to exploit

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. Low skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ruslan Habalov",
          "Jan Bee"
        ],
        "organization": "the Google ISA Assessments Team",
        "summary": "discovering this vulnerability"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/Low skill level to exploit",
        "title": "Risk evaluation"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. Low skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-024-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-024-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-024-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-024-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-024-01"
      }
    ],
    "title": "Schneider Electric Wonderware Historian",
    "tracking": {
      "current_release_date": "2017-01-24T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-024-01",
      "initial_release_date": "2017-01-24T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-01-24T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-024-01 Schneider Electric Wonderware Historian "
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c SP1 P01",
                "product": {
                  "name": "Wonderware Historian 2014 R2: SP1 P01 and earlier",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Wonderware Historian 2014 R2"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5155",
      "cwe": {
        "id": "CWE-118",
        "name": "Incorrect Access of Indexable Resource (\u0027Range Error\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.CVE-2017-5155 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5155"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Identify where the logins are used. Some likely places for the logins to have been used are: Wonderware Historian Client, Wonderware InTouch and Application Object scripts, Wonderware Information Server configuration, and Custom applications not supplied by Schneider Electric that interact with Historian data.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Logins that are not used should be disabled from the SQL Server Management Studio.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For logins that are still in use, the passwords should be changed from the default.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "For an increased level of security, Schneider Electric and Microsoft further advise that connectivity to SQL Server be accomplished with Windows Integrated Security as opposed to using native SQL logins.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-201702-0676

Vulnerability from variot - Updated: 2023-12-18 13:19

An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. Schneider Electric Wonderware Historian is a set of industrial data management software from Schneider Electric that combines high-speed data acquisition storage systems with traditional relational database management systems. A remote attacker could exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program using insecure default passwords

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0676",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wonderware historian",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "schneider electric",
        "version": "2014_r2_sp1_p01"
      },
      {
        "model": "wonderware historian",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2014 r2 sp1 p01"
      },
      {
        "model": "wonderware historian r2 sp1 p01",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "\u003c=2014"
      },
      {
        "model": "wonderware historian r2 sp1 p01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "2014"
      },
      {
        "model": "wonderware historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "0"
      },
      {
        "model": "2014 r2 sp1 p01",
        "scope": null,
        "trust": 0.2,
        "vendor": "wonderware historian",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ruslan Habalov and Jan Bee of the Google ISA Assessments Team.",
    "sources": [
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-5155",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-5155",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-01759",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "195abc78-1252-4e75-8ed2-fea0f775fa46",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-113358",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-5155",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-5155",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-01759",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-272",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "195abc78-1252-4e75-8ed2-fea0f775fa46",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-113358",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well. Schneider Electric Wonderware Historian is a set of industrial data management software from Schneider Electric that combines high-speed data acquisition storage systems with traditional relational database management systems. A remote attacker could exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The vulnerability is caused by the program using insecure default passwords",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-5155",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-024-01",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "95766",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1037808",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "195ABC78-1252-4E75-8ED2-FEA0F775FA46",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "id": "VAR-201702-0676",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      }
    ],
    "trust": 1.7333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:19:37.270000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LFSEC00000115",
        "trust": 0.8,
        "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
      },
      {
        "title": "Schneider Electric Wonderware Historian Unauthorized Access Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/89596"
      },
      {
        "title": "Schneider Electric Wonderware Historian Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67557"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1188",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-024-01"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/95766"
      },
      {
        "trust": 1.7,
        "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1037808"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5155"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5155"
      },
      {
        "trust": 0.3,
        "url": "www.controlmicrosystems.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "db": "BID",
        "id": "95766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-22T00:00:00",
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "date": "2017-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "date": "2017-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "date": "2017-01-24T00:00:00",
        "db": "BID",
        "id": "95766"
      },
      {
        "date": "2017-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "date": "2017-02-13T21:59:02.737000",
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "date": "2017-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-113358"
      },
      {
        "date": "2017-02-02T01:01:00",
        "db": "BID",
        "id": "95766"
      },
      {
        "date": "2017-04-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002220"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-5155"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Wonderware Historian Unauthorized Access Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "195abc78-1252-4e75-8ed2-fea0f775fa46"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01759"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-272"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-5155

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/	Vendor Advisory
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/95766	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	http://www.securitytracker.com/id/1037808
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95766	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037808
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	schneider-electric	wonderware_historian	2014_r2_sp1_p01

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*",
              "matchCriteriaId": "E563B308-C7FF-428B-A6E8-4528FD27E8B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."
    },
    {
      "lang": "es",
      "value": "Ha sido descubierto un problema en Schneider Electric Wonderware Historian 2014 R2 SP1 P01 y versiones anteriores. Wonderware Historian crea inicios de sesi\u00f3n con contrase\u00f1as predeterminadas, lo que puede permitir que una entidad maliciosa comprometer las bases de datos de Historian. En algunos escenarios de instalaci\u00f3n, los recursos adem\u00e1s de los creados por Wonderware Historian tambi\u00e9n pueden verse comprometidos."
    }
  ],
  "id": "CVE-2017-5155",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:02.737",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95766"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securitytracker.com/id/1037808"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-5155

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-5155

Aliases

CVE-2017-5155

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5155",
    "description": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.",
    "id": "GSD-2017-5155"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5155"
      ],
      "details": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.",
      "id": "GSD-2017-5155",
      "modified": "2023-12-13T01:21:13.505072Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-5155",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Schneider Electric Wonderware Historian default passwords"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
          },
          {
            "name": "1037808",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037808"
          },
          {
            "name": "95766",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95766"
          },
          {
            "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/",
            "refsource": "CONFIRM",
            "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-5155"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1188"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
            },
            {
              "name": "95766",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95766"
            },
            {
              "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/"
            },
            {
              "name": "1037808",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037808"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-02-13T21:59Z"
    }
  }
}

GHSA-M6F8-WJ73-MHFJ

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:32

Details

Severity ?

7.3 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5155"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well.",
  "id": "GHSA-m6f8-wj73-mhfj",
  "modified": "2025-04-20T03:32:49Z",
  "published": "2022-05-13T01:46:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5155"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01"
    },
    {
      "type": "WEB",
      "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95766"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037808"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-01759

Vulnerability from cnvd - Published: 2017-02-22

Title

Schneider Electric Wonderware Historian未授权访问漏洞

Description

Schneider Electric Wonderware Historian是法国施耐德电气（Schneider Electric）公司的一套用于将高速数据采集存储系统与传统的关系数据库管理系统相结合的工业数据管理软件。 Schneider Electric Wonderware Historian 2014 R2 SP1 P01及之前的版本中存在未授权访问漏洞，由于程序使用不安全的默认密码。远程攻击者可利用该漏洞获取未授权的访问权限，执行未授权操作。

Severity

中

Patch Name

Schneider Electric Wonderware Historian未授权访问漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页： http://www.schneider-electric.com/

Reference

http://www.securityfocus.com/bid/95766

Impacted products

Name
Schneider-Electric Wonderware Historian <=2014 R2 SP1 P01

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95766"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5155",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5155"
    }
  },
  "description": "Schneider Electric Wonderware Historian\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5c06\u9ad8\u901f\u6570\u636e\u91c7\u96c6\u5b58\u50a8\u7cfb\u7edf\u4e0e\u4f20\u7edf\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u76f8\u7ed3\u5408\u7684\u5de5\u4e1a\u6570\u636e\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nSchneider Electric Wonderware Historian 2014 R2 SP1 P01\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u9ed8\u8ba4\u5bc6\u7801\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "discovererName": "Ruslan Habalov and Jan Bee of the Google ISA Assessments Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.schneider-electric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01759",
  "openTime": "2017-02-22",
  "patchDescription": "Schneider Electric Wonderware Historian\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u5c06\u9ad8\u901f\u6570\u636e\u91c7\u96c6\u5b58\u50a8\u7cfb\u7edf\u4e0e\u4f20\u7edf\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u76f8\u7ed3\u5408\u7684\u5de5\u4e1a\u6570\u636e\u7ba1\u7406\u8f6f\u4ef6\u3002 \r\n\r\nSchneider Electric Wonderware Historian 2014 R2 SP1 P01\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e0d\u5b89\u5168\u7684\u9ed8\u8ba4\u5bc6\u7801\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
  "patchName": "Schneider Electric Wonderware Historian\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider-Electric Wonderware Historian \u003c=2014 R2 SP1 P01"
  },
  "referenceLink": "http://www.securityfocus.com/bid/95766",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-14",
  "title": "Schneider Electric Wonderware Historian\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5155 (GCVE-0-2017-5155)

ICSA-17-024-01

VAR-201702-0676

FKIE_CVE-2017-5155

GSD-2017-5155

GHSA-M6F8-WJ73-MHFJ

CNVD-2017-01759

Tags

Sightings

Nomenclature