VAR-201704-1294
Vulnerability from variot - Updated: 2023-12-18 14:05Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. Schneider Electric StruxureWare Data Center is a data center automation system of Schneider Electric (France). Successfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "struxureware data center expert",
"scope": "lte",
"trust": 1.0,
"vendor": "schneider electric",
"version": "7.3.1"
},
{
"model": "struxureware data center expert",
"scope": "eq",
"trust": 0.9,
"vendor": "schneider electric",
"version": "7.3.1"
},
{
"model": "struxureware data center expert",
"scope": "lt",
"trust": 0.8,
"vendor": "schneider electric",
"version": "7.4.0"
},
{
"model": "electric struxureware data center",
"scope": "lt",
"trust": 0.6,
"vendor": "schneider",
"version": "7.4.0"
},
{
"model": "struxureware data center expert",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.2.4"
},
{
"model": "struxureware data center expert",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.3.1.114"
},
{
"model": "struxureware data center expert",
"scope": "ne",
"trust": 0.3,
"vendor": "schneider electric",
"version": "7.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "BID",
"id": "98399"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.3.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8371"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "98399"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8371",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-8371",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07260",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-8371",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-8371",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-07260",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-8371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. Schneider Electric StruxureWare Data Center is a data center automation system of Schneider Electric (France). \nSuccessfully exploiting this issue may allow an attacker to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "BID",
"id": "98399"
},
{
"db": "VULMON",
"id": "CVE-2017-8371"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8371",
"trust": 3.4
},
{
"db": "SCHNEIDER",
"id": "SEVD-2016-343-01",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07260",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046",
"trust": 0.6
},
{
"db": "BID",
"id": "98399",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2017-8371",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"db": "BID",
"id": "98399"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"id": "VAR-201704-1294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
}
]
},
"last_update_date": "2023-12-18T14:05:49.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2016-343-01",
"trust": 0.8,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2016-343-01"
},
{
"title": "Patch for Schneider Electric StruxureWare Data Center Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94149"
},
{
"title": "Schneider Electric StruxureWare Data Center Expert Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.datacenterdynamics.com/content-tracks/security-risk/schneider-patches-critical-vulnerability-in-struxureware-dcim/97738.fullarticle"
},
{
"trust": 2.0,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd-2016-343-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8371"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8371"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/98399"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"db": "BID",
"id": "98399"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"db": "BID",
"id": "98399"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"date": "2017-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"date": "2017-01-20T00:00:00",
"db": "BID",
"id": "98399"
},
{
"date": "2017-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"date": "2017-04-30T20:59:00.167000",
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"date": "2017-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07260"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8371"
},
{
"date": "2017-05-23T16:25:00",
"db": "BID",
"id": "98399"
},
{
"date": "2017-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003699"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-8371"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric StruxureWare Data Center Expert Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003699"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-046"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…