cvelistv5 - cve-2017-9969

CVE-2017-9969 (GCVE-0-2017-9969)

Vulnerability from cvelistv5 – Published: 2018-02-12 23:00 – Updated: 2024-09-16 20:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

schneider

References

URL

CNVD-2018-05675

Vulnerability from cnvd - Published: 2018-03-20

Title

Schneider Electric IGSS Mobile信息泄露漏洞

Description

Schneider Electric IGSS Mobile是法国施耐德电气（Schneider Electric）公司的一套用于管理IGSS（共享服务平台）的移动端应用程序。 Schneider Electric IGSS Mobile 3.01及之前版本中存在信息泄露漏洞，该漏洞源于程序将密码以明文的形式储存在配置文件中。攻击者可利用该漏洞获取敏感信息。

Severity

低

Patch Name

Schneider Electric IGSS Mobile信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9111551123&p_File_Name=SEVD-2018-039-02+IGSS+Mobile.pdf&p_Reference=SEVD-2018-039-02

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-9969

Impacted products

Name
Schneider Electric IGSS Mobile App <=3.01

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103046"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9969"
    }
  },
  "description": "Schneider Electric IGSS Mobile\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406IGSS\uff08\u5171\u4eab\u670d\u52a1\u5e73\u53f0\uff09\u7684\u79fb\u52a8\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSchneider Electric IGSS Mobile 3.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u50a8\u5b58\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Alexander Bolshev (IOActive) and Ivan Yushkevich (Embedi)",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Id=9111551123\u0026p_File_Name=SEVD-2018-039-02+IGSS+Mobile.pdf\u0026p_Reference=SEVD-2018-039-02",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05675",
  "openTime": "2018-03-20",
  "patchDescription": "Schneider Electric IGSS Mobile\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u7ba1\u7406IGSS\uff08\u5171\u4eab\u670d\u52a1\u5e73\u53f0\uff09\u7684\u79fb\u52a8\u7aef\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSchneider Electric IGSS Mobile 3.01\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5c06\u5bc6\u7801\u4ee5\u660e\u6587\u7684\u5f62\u5f0f\u50a8\u5b58\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric IGSS Mobile\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric IGSS Mobile App \u003c=3.01"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-9969",
  "serverity": "\u4f4e",
  "submitTime": "2018-02-13",
  "title": "Schneider Electric IGSS Mobile\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2017-9969

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9969

Aliases

CVE-2017-9969

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9969",
    "description": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.",
    "id": "GSD-2017-9969"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9969"
      ],
      "details": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.",
      "id": "GSD-2017-9969",
      "modified": "2023-12-13T01:21:07.393627Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "DATE_PUBLIC": "2018-02-12T00:00:00",
        "ID": "CVE-2017-9969",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "103046",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/103046"
          },
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2017-9969"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
            },
            {
              "name": "103046",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/103046"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-02-12T23:29Z"
    }
  }
}

ICSA-18-046-03

Vulnerability from csaf_cisa - Published: 2018-02-15 00:00 - Updated: 2018-02-15 00:00

Summary

Schneider Electric IGSS Mobile

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Locally exploitable/low skill level to exploit.

Critical infrastructure sectors

Commercial Facilities, Critical Manufacturing, Energy

Countries/areas deployed

Worldwide

Company headquarters location

France

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

In addition, NCCIC recommends that users take the following measures to protect themselves from social engineering attacks: Do not click web links or open unsolicited attachments in email messages; Refer to Recognizing and Avoiding Email Scams (https://www.cisa.gov/reading_room/emailscams_0905.pdf) for more information on avoiding email scams; Refer to Avoiding Social Engineering and Phishing Attacks (https://www.cisa.gov/cas/tips/ST04-014.html) for more information on social engineering attacks.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Alexander Bolshev"
        ],
        "organization": "IOActive",
        "summary": "reporting these vulnerabilities to Schneider Electric"
      },
      {
        "names": [
          "Ivan Yushkevich"
        ],
        "organization": "Embedi",
        "summary": "reporting these vulnerabilities to Schneider Electric"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Locally exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Critical Manufacturing, Energy",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "France",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the NCCIC Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "In addition, NCCIC recommends that users take the following measures to protect themselves from social engineering attacks: Do not click web links or open unsolicited attachments in email messages; Refer to Recognizing and Avoiding Email Scams (https://www.cisa.gov/reading_room/emailscams_0905.pdf) for more information on avoiding email scams; Refer to Avoiding Social Engineering and Phishing Attacks (https://www.cisa.gov/cas/tips/ST04-014.html) for more information on social engineering attacks.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-046-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-046-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-046-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-046-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/"
      }
    ],
    "title": "Schneider Electric IGSS Mobile",
    "tracking": {
      "current_release_date": "2018-02-15T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-046-03",
      "initial_release_date": "2018-02-15T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-02-15T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-046-03 Schneider Electric IGSS Mobile"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.01",
                "product": {
                  "name": "IGSS Mobile for iOS: version 3.01 and all versions prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "IGSS Mobile for iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=3.01",
                "product": {
                  "name": "IGSS Mobile for Android: version 3.01 and all versions prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "IGSS Mobile for Android"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-9968",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "IGSS Mobile app lacks certificate pinning during the TLS/SSL connection establishing process. This issue could allow an attacker to execute a man-in-the-middle attack. CVE-2017-9968 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9968"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "An update for Android with the fix for these vulnerabilities is available for download on Google Play",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://play.google.com/store/apps/details?id=dk.schneiderelectric.igssmobile"
        },
        {
          "category": "vendor_fix",
          "details": "An update for iOS with the fix for these vulnerabilities is available on Apple Store",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://itunes.apple.com/dk/app/igss-mobile/id871698051"
        },
        {
          "category": "mitigation",
          "details": "For more information on these vulnerabilities and associated patch, please see Schneider Electric\u0027s security notification SEVD-2018-039-02 on their website",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-9969",
      "cwe": {
        "id": "CWE-256",
        "name": "Plaintext Storage of a Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "IGSS Mobile app passwords are stored in clear-text in the configuration file. CVE-2017-9969 has been assigned to this vulnerability. A CVSS v3 base score of 6.0 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9969"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "An update for Android with the fix for these vulnerabilities is available for download on Google Play",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://play.google.com/store/apps/details?id=dk.schneiderelectric.igssmobile"
        },
        {
          "category": "vendor_fix",
          "details": "An update for iOS with the fix for these vulnerabilities is available on Apple Store",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://itunes.apple.com/dk/app/igss-mobile/id871698051"
        },
        {
          "category": "mitigation",
          "details": "For more information on these vulnerabilities and associated patch, please see Schneider Electric\u0027s security notification SEVD-2018-039-02 on their website",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GHSA-RQ73-574J-8G3V

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-12T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information.",
  "id": "GHSA-rq73-574j-8g3v",
  "modified": "2022-05-13T01:48:16Z",
  "published": "2022-05-13T01:48:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9969"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/103046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201802-0616

Vulnerability from variot - Updated: 2023-12-18 13:19

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. Schneider Electric IGSS Mobile is a set of mobile application for managing IGSS (Shared Services Platform) by Schneider Electric of France. An attacker could use this vulnerability to obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0616",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "igss mobile",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "schneider electric",
        "version": "3.01"
      },
      {
        "model": "electric igss mobile app",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "\u003c=3.01"
      },
      {
        "model": "igss mobile",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider electric",
        "version": "3.01"
      },
      {
        "model": "igss mobile for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "3.01"
      },
      {
        "model": "igss mobile for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "schneider electric",
        "version": "3.01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Alexander Bolshev (IOActive) and Ivan Yushkevich (Embedi)",
    "sources": [
      {
        "db": "BID",
        "id": "103046"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9969",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9969",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-05675",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-9969",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9969",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-05675",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1079",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-9969",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. Schneider Electric IGSS Mobile is a set of mobile application for managing IGSS (Shared Services Platform) by Schneider Electric of France. An attacker could use this vulnerability to obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9969",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-046-03",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "103046",
        "trust": 2.6
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2018-039-02",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "id": "VAR-201802-0616",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:19:15.760000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2018-039-02",
        "trust": 0.8,
        "url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9561605997\u0026p_file_name=sevd-2018-039-02+igss+mobile.pdf\u0026p_reference=sevd-2018-039-02"
      },
      {
        "title": "Patch for Schneider Electric IGSS Mobile Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/122057"
      },
      {
        "title": "Schneider Electric IGSS Mobile Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99877"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/zzzteph/zzzteph "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-03"
      },
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2018-039-02/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/103046"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9969"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9969"
      },
      {
        "trust": 0.3,
        "url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
      },
      {
        "trust": 0.3,
        "url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9111551123\u0026p_file_name=sevd-2018-039-02+igss+mobile.pdf\u0026p_reference=sevd-2018-039-02"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "date": "2018-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "date": "2018-02-08T00:00:00",
        "db": "BID",
        "id": "103046"
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "date": "2018-02-12T23:29:00.403000",
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9969"
      },
      {
        "date": "2018-02-08T00:00:00",
        "db": "BID",
        "id": "103046"
      },
      {
        "date": "2018-03-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012625"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-9969"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "103046"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric IGSS Mobile Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-05675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1079"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2017-9969

Vulnerability from fkie_nvd - Published: 2018-02-12 23:29 - Updated: 2024-11-21 03:37

Severity ?

6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cybersecurity@se.com	http://www.securityfocus.com/bid/103046	Third Party Advisory, VDB Entry, Vendor Advisory
cybersecurity@se.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03	Third Party Advisory, US Government Resource
cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/103046	Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	igss_mobile	*
	schneider-electric	igss_mobile	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "813AC34A-B612-4B5F-A372-2F3EED3E3129",
              "versionEndIncluding": "3.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "EDF8B4C6-943B-426A-A53A-D1E41A1C596F",
              "versionEndIncluding": "3.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la aplicaci\u00f3n Schneider Electric\u0027s IGSS Mobile, en versiones 3.01 y anteriores. Las contrase\u00f1as se almacenan en texto claro en la configuraci\u00f3n, lo que puede resultar en la exposici\u00f3n de informaci\u00f3n sensible."
    }
  ],
  "id": "CVE-2017-9969",
  "lastModified": "2024-11-21T03:37:16.493",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-12T23:29:00.403",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/103046"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
    },
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/103046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9969 (GCVE-0-2017-9969)

CNVD-2018-05675

GSD-2017-9969

ICSA-18-046-03

GHSA-RQ73-574J-8G3V

VAR-201802-0616

FKIE_CVE-2017-9969

Tags

Sightings

Nomenclature