VAR-201709-1004
Vulnerability from variot - Updated: 2023-12-18 13:57An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "daqfactory",
"scope": "lt",
"trust": 1.4,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": "daqfactory",
"scope": "lte",
"trust": 1.0,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.9,
"vendor": "azeotech",
"version": "16.3"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.91"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.90"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.86"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.85"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.84"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "5.83"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.2"
},
{
"model": "daqfactory",
"scope": "eq",
"trust": 0.3,
"vendor": "azeotech",
"version": "16.1"
},
{
"model": "daqfactory",
"scope": "ne",
"trust": 0.3,
"vendor": "azeotech",
"version": "17.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "daqfactory",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:azeotech:daqfactory:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12699"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100522"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12699",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12699",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-23889",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12699",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12699",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23889",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. \nVersions prior to DAQFactory 17.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12699",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100522",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23889",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995",
"trust": 0.8
},
{
"db": "IVD",
"id": "3EB14E05-8B6E-4072-B09A-1FA9B86F3B73",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"id": "VAR-201709-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
}
],
"trust": 1.35734766
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
}
]
},
"last_update_date": "2023-12-18T13:57:16.200000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.azeotech.com/daqfactory.php"
},
{
"title": "AzeoTech DAQFactory is not authorized to modify the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101184"
},
{
"title": "AzeoTech DAQFactory Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74542"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.0
},
{
"problemtype": "CWE-275",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100522"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12699"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12699"
},
{
"trust": 0.3,
"url": "http://www.azeotech.com/index.php"
},
{
"trust": 0.3,
"url": "https://www.azeotech.com/j/revision-history.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"db": "BID",
"id": "100522"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "3eb14e05-8b6e-4072-b09a-1fa9b86f3b73"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"date": "2017-09-09T01:29:02.363000",
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23889"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100522"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007995"
},
{
"date": "2019-10-09T23:23:09.810000",
"db": "NVD",
"id": "CVE-2017-12699"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AzeoTech DAQFactory Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-087"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…