cvelistv5 - cve-2017-9625

CVE-2017-9625 (GCVE-0-2017-9625)

Vulnerability from cvelistv5 – Published: 2017-10-17 22:00 – Updated: 2024-08-05 17:11

Summary

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Envitech Ltd. EnviDAS Ultimate	Affected: Envitech Ltd. EnviDAS Ultimate

ICSA-17-285-03

Vulnerability from csaf_cisa - Published: 2017-10-12 00:00 - Updated: 2017-10-12 00:00

Summary

Envitech Ltd. EnviDAS Ultimate

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Critical infrastructure sectors

Commercial Facilities, Communications, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Israel

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Can Demirel",
          "Deniz \u00c7evik"
        ],
        "organization": "Biznet Bilisim",
        "summary": "discovering the vulnerability and testing the patch"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Communications, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Israel",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-285-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-285-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-285-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-285-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-285-03"
      }
    ],
    "title": "Envitech Ltd. EnviDAS Ultimate",
    "tracking": {
      "current_release_date": "2017-10-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-285-03",
      "initial_release_date": "2017-10-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-10-12T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-285-03 Envitech Ltd. EnviDAS Ultimate"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.0.0.5",
                "product": {
                  "name": "EnviDAS Ultimate: Versions prior to v1.0.0.5",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "EnviDAS Ultimate"
          }
        ],
        "category": "vendor",
        "name": "Envitech Ltd"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-9625",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.CVE-2017-9625 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9625"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Envitech Ltd., recommends that users of affected versions update to the latest version of v1.0.0.5 or newer. The update can be obtained by contacting Envitech Ltd., support at the following email: mailto:david.farhi@envitech.co.il",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

GSD-2017-9625

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9625

Aliases

CVE-2017-9625

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9625",
    "description": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.",
    "id": "GSD-2017-9625"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9625"
      ],
      "details": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.",
      "id": "GSD-2017-9625",
      "modified": "2023-12-13T01:21:07.624757Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-9625",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Envitech Ltd. EnviDAS Ultimate",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Envitech Ltd. EnviDAS Ultimate"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101249",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101249"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:envitech:envidas_ultimate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-9625"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
            },
            {
              "name": "101249",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101249"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.2
        }
      },
      "lastModifiedDate": "2019-10-09T23:30Z",
      "publishedDate": "2017-10-17T22:29Z"
    }
  }
}

VAR-201710-1319

Vulnerability from variot - Updated: 2023-12-18 13:02

An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd's intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1319",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "envidas ultimate",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "envitech",
        "version": "1.0.0.4"
      },
      {
        "model": "envidas ultimate",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "envitech",
        "version": "1.0.0.5"
      },
      {
        "model": "envidas ultimate",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "envitech",
        "version": "v1.0.0.5"
      },
      {
        "model": "envidas ultimate",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "envitech",
        "version": "1.0.0.4"
      },
      {
        "model": "ltd envidas ultimate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "envitech",
        "version": "1.0.0.4"
      },
      {
        "model": "ltd envidas ultimate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "envitech",
        "version": "1.0.0.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "envidas ultimate",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "BID",
        "id": "101249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:envitech:envidas_ultimate:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.0.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Can Demirel and Deniz ?evik of Biznet Bilisim",
    "sources": [
      {
        "db": "BID",
        "id": "101249"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9625",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9625",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-29974",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-9625",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9625",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-29974",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-577",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd\u0027s intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "BID",
        "id": "101249"
      },
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9625",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-285-03",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "101249",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "3A32BA24-6E0F-4236-9CC1-A3BF2668DDE7",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "BID",
        "id": "101249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "id": "VAR-201710-1319",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      }
    ],
    "trust": 1.425
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:02:52.382000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.envitech.co.il/"
      },
      {
        "title": "Envitech Ltd EnviDAS Ultimate authentication bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/103555"
      },
      {
        "title": "Envitech EnviDAS Ultimate Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100113"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-03"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/101249"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9625"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9625"
      },
      {
        "trust": 0.3,
        "url": "http://envitech.co.il/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "BID",
        "id": "101249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "db": "BID",
        "id": "101249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101249"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "date": "2017-10-17T22:29:00.463000",
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "date": "2017-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101249"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009513"
      },
      {
        "date": "2019-10-09T23:30:43.143000",
        "db": "NVD",
        "id": "CVE-2017-9625"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Envitech Ltd EnviDAS Ultimate Authentication Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29974"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-577"
      }
    ],
    "trust": 0.6
  }
}

GHSA-6CCC-WMJW-6QWC

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

8.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-17T22:29:00Z",
    "severity": "HIGH"
  },
  "details": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.",
  "id": "GHSA-6ccc-wmjw-6qwc",
  "modified": "2022-05-13T01:36:07Z",
  "published": "2022-05-13T01:36:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9625"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101249"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-29974

Vulnerability from cnvd - Published: 2017-10-13

Title

Envitech Ltd EnviDAS Ultimate身份验证绕过漏洞

Description

Envidas Ultimate是Envitech Ltd的一个智能、多功能、多站点的连续排放监测和数据采集系统。 Envitech Ltd EnviDAS Ultimate存在身份验证绕过漏洞，由于Web应用程序未进行正确的身份验证，攻击者可查看信息并修改设置或远程执行代码。

Severity

高

Patch Name

Envitech Ltd EnviDAS Ultimate身份验证绕过漏洞的补丁

Patch Description

Envidas Ultimate是Envitech Ltd的一个智能、多功能、多站点的连续排放监测和数据采集系统。 Envitech Ltd EnviDAS Ultimate存在身份验证绕过漏洞，由于Web应用程序未进行正确的身份验证，攻击者可查看信息并修改设置或远程执行代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03

Impacted products

Name
Envitech EnviDAS Ultimate <v1.0.0.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9625"
    }
  },
  "description": "Envidas Ultimate\u662fEnvitech Ltd\u7684\u4e00\u4e2a\u667a\u80fd\u3001\u591a\u529f\u80fd\u3001\u591a\u7ad9\u70b9\u7684\u8fde\u7eed\u6392\u653e\u76d1\u6d4b\u548c\u6570\u636e\u91c7\u96c6\u7cfb\u7edf\u3002\r\n\r\nEnvitech Ltd EnviDAS Ultimate\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7531\u4e8eWeb\u5e94\u7528\u7a0b\u5e8f\u672a\u8fdb\u884c\u6b63\u786e\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u67e5\u770b\u4fe1\u606f\u5e76\u4fee\u6539\u8bbe\u7f6e\u6216\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "Can Demirel and Deniz \u00c7evik of Biznet Bilisim",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-29974",
  "openTime": "2017-10-13",
  "patchDescription": "Envidas Ultimate\u662fEnvitech Ltd\u7684\u4e00\u4e2a\u667a\u80fd\u3001\u591a\u529f\u80fd\u3001\u591a\u7ad9\u70b9\u7684\u8fde\u7eed\u6392\u653e\u76d1\u6d4b\u548c\u6570\u636e\u91c7\u96c6\u7cfb\u7edf\u3002\r\n\r\nEnvitech Ltd EnviDAS Ultimate\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u7531\u4e8eWeb\u5e94\u7528\u7a0b\u5e8f\u672a\u8fdb\u884c\u6b63\u786e\u7684\u8eab\u4efd\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u67e5\u770b\u4fe1\u606f\u5e76\u4fee\u6539\u8bbe\u7f6e\u6216\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Envitech Ltd EnviDAS Ultimate\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Envitech EnviDAS Ultimate \u003cv1.0.0.5"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
  "serverity": "\u9ad8",
  "submitTime": "2017-10-13",
  "title": "Envitech Ltd EnviDAS Ultimate\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2017-9625

Vulnerability from fkie_nvd - Published: 2017-10-17 22:29 - Updated: 2025-04-20 01:37

Severity ?

8.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/101249	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03	Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101249	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03	Third Party Advisory, US Government Resource, VDB Entry

Impacted products

	Vendor	Product	Version
	envitech	envidas_ultimate	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:envitech:envidas_ultimate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4959666A-4E1D-45B2-854F-95DB0D84A2A3",
              "versionEndIncluding": "1.0.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de autenticaci\u00f3n incorrecta en Envitech EnviDAS Ultimate en versiones anteriores a la v1.0.0.5. La aplicaci\u00f3n web carece de autenticaci\u00f3n correcta, lo que puede permitir que un atacante visualice informaci\u00f3n y modifique configuraciones o ejecute c\u00f3digo remotamente."
    }
  ],
  "id": "CVE-2017-9625",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-17T22:29:00.463",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101249"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9625 (GCVE-0-2017-9625)

ICSA-17-285-03

GSD-2017-9625

VAR-201710-1319

GHSA-6CCC-WMJW-6QWC

CNVD-2017-29974

FKIE_CVE-2017-9625

Tags

Sightings

Nomenclature