cvelistv5 - cve-2017-6054

CVE-2017-6054 (GCVE-0-2017-6054)

Vulnerability from cvelistv5 – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

CWE-321

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Hyundai Motor America Blue Link	Affected: Hyundai Motor America Blue Link

ICSA-17-115-03

Vulnerability from csaf_cisa - Published: 2017-04-25 00:00 - Updated: 2017-04-25 00:00

Summary

Hyundai Motor America Blue Link

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable

Countries/areas deployed

United States

Company headquarters location

Fountain Valley, California

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Will Hatzer",
          "Arjun Kumar"
        ],
        "organization": "Rapid7",
        "summary": "discovering these vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Fountain Valley, California",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-115-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-115-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-115-03"
      }
    ],
    "title": "Hyundai Motor America Blue Link",
    "tracking": {
      "current_release_date": "2017-04-25T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-115-03",
      "initial_release_date": "2017-04-25T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-04-25T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-115-03 Hyundai Motor America Blue Link"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.9.4",
                "product": {
                  "name": "Blue Link: Version 3.9.4",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Blue Link"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.9.5",
                "product": {
                  "name": "Blue Link: Version 3.9.5",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Blue Link"
          }
        ],
        "category": "vendor",
        "name": "Hyundai Motor America"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6052",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.CVE-2017-6052 has been assigned to this vulnerability. A CVSS v3 base score of 4.6 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6052"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Hyundai Motor America released Blue Link, Version 3.9.6, a mandatory update to the application, which mitigates the aforementioned vulnerabilities on March 6, 2017, for Android devices and March 8, 2017, for iOS devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rapid7 has released a security advisory that can be found at https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-6054",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application uses a hard-coded decryption password to protect sensitive user information.CVE-2017-6054 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6054"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Hyundai Motor America released Blue Link, Version 3.9.6, a mandatory update to the application, which mitigates the aforementioned vulnerabilities on March 6, 2017, for Android devices and March 8, 2017, for iOS devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "mitigation",
          "details": "Rapid7 has released a security advisory that can be found at https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GSD-2017-6054

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6054

Aliases

CVE-2017-6054

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6054",
    "description": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.",
    "id": "GSD-2017-6054"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6054"
      ],
      "details": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.",
      "id": "GSD-2017-6054",
      "modified": "2023-12-13T01:21:09.264188Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6054",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Hyundai Motor America Blue Link",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Hyundai Motor America Blue Link"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-321"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
          },
          {
            "name": "98033",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98033"
          },
          {
            "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hyundaiusa:blue_link:3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hyundaiusa:blue_link:3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6054"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
            },
            {
              "name": "98033",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98033"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-04-26T14:59Z"
    }
  }
}

VAR-201704-1011

Vulnerability from variot - Updated: 2023-12-18 13:34

A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1011",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hyundaiusa",
        "version": "3.9.4"
      },
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hyundaiusa",
        "version": "3.9.5"
      },
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hyundai motor america",
        "version": "3.9.4"
      },
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hyundai motor america",
        "version": "3.9.5"
      },
      {
        "model": "motor america blue link",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hyundai",
        "version": "3.9.5"
      },
      {
        "model": "motor america blue link",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hyundai",
        "version": "3.9.4"
      },
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hyundai",
        "version": "3.9.5"
      },
      {
        "model": "blue link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hyundai",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "blue link",
        "version": "3.9.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "blue link",
        "version": "3.9.5"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "BID",
        "id": "98033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hyundaiusa:blue_link:3.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hyundaiusa:blue_link:3.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Will Hatzer and Arjun Kumar working with Rapid7.",
    "sources": [
      {
        "db": "BID",
        "id": "98033"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6054",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6054",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-05788",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6054",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6054",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-05788",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1450",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "BID",
        "id": "98033"
      },
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6054",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-115-03",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "98033",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7EE1BC97-3498-4BD2-9FF2-84847959EE44",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "BID",
        "id": "98033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "id": "VAR-201704-1011",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:34:17.891000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Blue Link",
        "trust": 0.8,
        "url": "https://www.hyundaiusa.com/bluelink/index.aspx"
      },
      {
        "title": "HyundaiMotorAmericaBlueLink Patch for Sensitive Information Disclosure Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/93017"
      },
      {
        "title": "Hyundai Motor America Blue Link Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69679"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-03"
      },
      {
        "trust": 2.2,
        "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/98033"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6054"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6054"
      },
      {
        "trust": 0.3,
        "url": "https://www.hyundaiusa.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "BID",
        "id": "98033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "db": "BID",
        "id": "98033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-02T00:00:00",
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "date": "2017-04-25T00:00:00",
        "db": "BID",
        "id": "98033"
      },
      {
        "date": "2017-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "date": "2017-04-26T14:59:00.207000",
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "date": "2017-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      },
      {
        "date": "2017-05-02T00:10:00",
        "db": "BID",
        "id": "98033"
      },
      {
        "date": "2017-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-003615"
      },
      {
        "date": "2019-10-09T23:28:39.090000",
        "db": "NVD",
        "id": "CVE-2017-6054"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-05788"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1450"
      }
    ],
    "trust": 0.6
  }
}

GHSA-FMXW-52W5-JC84

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-321",
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-26T14:59:00Z",
    "severity": "HIGH"
  },
  "details": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.",
  "id": "GHSA-fmxw-52w5-jc84",
  "modified": "2022-05-13T01:36:33Z",
  "published": "2022-05-13T01:36:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6054"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98033"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-05788

Vulnerability from cnvd - Published: 2017-05-02

Title

Hyundai Motor America Blue Link敏感信息泄露漏洞

Description

Hyundai Motor America Blue Link是一款应用在汽车上的远程无线遥控设备。 Hyundai Motor America Blue Link 3.9.5版本和3.9.4版本中存在敏感信息泄露漏洞，该漏洞源于程序使用硬编码密码。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

Hyundai Motor America Blue Link敏感信息泄露漏洞的补丁

Patch Description

Hyundai Motor America Blue Link是一款应用在汽车上的远程无线遥控设备。 Hyundai Motor America Blue Link 3.9.5版本和3.9.4版本中存在敏感信息泄露漏洞，该漏洞源于程序使用硬编码密码。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞: https://www.hyundaiusa.com/

Reference

https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed http://www.securityfocus.com/bid/98033

Impacted products

Name
['Hyundai Motor America Blue Link 3.9.5', 'Hyundai Motor America Blue Link 3.9.4']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98033"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6054",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6054"
    }
  },
  "description": "Hyundai Motor America Blue Link\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u6c7d\u8f66\u4e0a\u7684\u8fdc\u7a0b\u65e0\u7ebf\u9065\u63a7\u8bbe\u5907\u3002\r\n\r\nHyundai Motor America Blue Link 3.9.5\u7248\u672c\u548c3.9.4\u7248\u672c\u4e2d\u5b58\u5728\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u786c\u7f16\u7801\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Will Hatzer and Arjun Kumar working with Rapid7",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e:\r\nhttps://www.hyundaiusa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05788",
  "openTime": "2017-05-02",
  "patchDescription": "Hyundai Motor America Blue Link\u662f\u4e00\u6b3e\u5e94\u7528\u5728\u6c7d\u8f66\u4e0a\u7684\u8fdc\u7a0b\u65e0\u7ebf\u9065\u63a7\u8bbe\u5907\u3002\r\n\r\nHyundai Motor America Blue Link 3.9.5\u7248\u672c\u548c3.9.4\u7248\u672c\u4e2d\u5b58\u5728\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u786c\u7f16\u7801\u5bc6\u7801\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Hyundai Motor America Blue Link\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Hyundai Motor America Blue Link 3.9.5",
      "Hyundai Motor America Blue Link 3.9.4"
    ]
  },
  "referenceLink": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed\r\nhttp://www.securityfocus.com/bid/98033",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-28",
  "title": "Hyundai Motor America Blue Link\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2017-6054

Vulnerability from fkie_nvd - Published: 2017-04-26 14:59 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/98033	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed	Third Party Advisory
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98033	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	hyundaiusa	blue_link	3.9.4
	hyundaiusa	blue_link	3.9.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hyundaiusa:blue_link:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "311E002C-207A-428E-984A-EF4D30E30654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hyundaiusa:blue_link:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "638386D0-BB98-4B19-9969-4D5E74C4FAE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto el uso de una clave criptogr\u00e1fica embebida en las versions 3.9.5 y 3.9.4 de America Blue Link de Hyundai Motor America. La aplicaci\u00f3n contendr\u00eda una clave de descifrado embebida utilizada para proteger informaci\u00f3n sensible del usuario."
    }
  ],
  "id": "CVE-2017-6054",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-26T14:59:00.207",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98033"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-321"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6054 (GCVE-0-2017-6054)

ICSA-17-115-03

GSD-2017-6054

VAR-201704-1011

GHSA-FMXW-52W5-JC84

CNVD-2017-05788

FKIE_CVE-2017-6054

Tags

Sightings

Nomenclature