VAR-201709-1008
Vulnerability from variot - Updated: 2023-12-18 13:24A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. Multiple OPW Products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. The following products and versions are vulnerable: SiteSentinel Integra 100 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1 SiteSentinel Integra 500 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1 SiteSentinel iSite ATG Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1. Several OPW products have authentication bypass vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "195"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "189"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "16q3.1"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "16q3.1"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "189"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "195"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "191"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 1.6,
"vendor": "opwglobal",
"version": "191"
},
{
"model": "sitesentinel integra 100",
"scope": "lte",
"trust": 1.0,
"vendor": "opwglobal",
"version": "175"
},
{
"model": "sitesentinel integra 500",
"scope": "lte",
"trust": 1.0,
"vendor": "opwglobal",
"version": "175"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 1.0,
"vendor": "opwglobal",
"version": "189"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 1.0,
"vendor": "opwglobal",
"version": "16q3.1"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 1.0,
"vendor": "opwglobal",
"version": "195"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 1.0,
"vendor": "opwglobal",
"version": "191"
},
{
"model": "sitesentinel isite atg",
"scope": "lte",
"trust": 1.0,
"vendor": "opwglobal",
"version": "175"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v16q3.1"
},
{
"model": "sitesentinel integra 100",
"scope": "lt",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175-v189"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v191-v195"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v16q3.1"
},
{
"model": "sitesentinel integra 500",
"scope": "lt",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175-v189"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v191-v195"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v16q3.1"
},
{
"model": "sitesentinel isite atg",
"scope": "lt",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v175-v189"
},
{
"model": "sitesentinel isite atg",
"scope": "eq",
"trust": 0.8,
"vendor": "opw fuel management",
"version": "v191-v195"
},
{
"model": "fuel management systems sitesentinel isite atg",
"scope": "lt",
"trust": 0.6,
"vendor": "opw",
"version": "v175"
},
{
"model": "fuel management systems sitesentinel isite atg",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "v175-v189"
},
{
"model": "fuel management systems sitesentinel isite atg",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "v191-v195"
},
{
"model": "fuel management systems sitesentinel isite atg v16q3.1",
"scope": null,
"trust": 0.6,
"vendor": "opw",
"version": null
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "100\u003cv175"
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "100v175-v189"
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "100v191-v195"
},
{
"model": "fuel management systems sitesentinel integra v16q3.1",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "100"
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "500\u003cv175"
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "500v175-v189"
},
{
"model": "fuel management systems sitesentinel integra",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "500v191-v195"
},
{
"model": "fuel management systems sitesentinel integra v16q3.1",
"scope": "eq",
"trust": 0.6,
"vendor": "opw",
"version": "500"
},
{
"model": "sitesentinel integra 500",
"scope": "eq",
"trust": 0.6,
"vendor": "opwglobal",
"version": "175"
},
{
"model": "sitesentinel integra 100",
"scope": "eq",
"trust": 0.6,
"vendor": "opwglobal",
"version": "175"
},
{
"model": "sitesentinel isite atg console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "195"
},
{
"model": "sitesentinel isite atg console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "191"
},
{
"model": "sitesentinel isite atg console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "189"
},
{
"model": "sitesentinel isite atg console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "175"
},
{
"model": "sitesentinel isite atg console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "170"
},
{
"model": "sitesentinel isite atg console 16q3.1",
"scope": null,
"trust": 0.3,
"vendor": "opw",
"version": null
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500195"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500191"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500189"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500175"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500170"
},
{
"model": "sitesentinel integra console 16q3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "500"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100195"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100191"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100189"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100175"
},
{
"model": "sitesentinel integra console",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100170"
},
{
"model": "sitesentinel integra console 16q3.1",
"scope": "eq",
"trust": 0.3,
"vendor": "opw",
"version": "100"
},
{
"model": "sitesentinel isite atg console 17q2.1",
"scope": "ne",
"trust": 0.3,
"vendor": "opw",
"version": null
},
{
"model": "sitesentinel integra console 17q2.1",
"scope": "ne",
"trust": 0.3,
"vendor": "opw",
"version": "500"
},
{
"model": "sitesentinel integra console 17q2.1",
"scope": "ne",
"trust": 0.3,
"vendor": "opw",
"version": "100"
},
{
"model": "16q3.1",
"scope": null,
"trust": 0.2,
"vendor": "sitesentinel isite atg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel isite atg",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel isite atg",
"version": "189"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel isite atg",
"version": "191"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel isite atg",
"version": "195"
},
{
"model": "16q3.1",
"scope": null,
"trust": 0.2,
"vendor": "sitesentinel integra 500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 500",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 500",
"version": "189"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 500",
"version": "191"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 500",
"version": "195"
},
{
"model": "16q3.1",
"scope": null,
"trust": 0.2,
"vendor": "sitesentinel integra 100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 100",
"version": "189"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 100",
"version": "191"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sitesentinel integra 100",
"version": "195"
}
],
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "BID",
"id": "100563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "175",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:195:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "175",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:opwglobal:sitesentinel_integra_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:189:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:191:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:16q3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:195:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "175",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:opwglobal:sitesentinel_integra_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OPW",
"sources": [
{
"db": "BID",
"id": "100563"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12733",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24367",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103285",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12733",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12733",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-24367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-082",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-103285",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-12733",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. Multiple OPW Products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. \nAn attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. \nThe following products and versions are vulnerable:\nSiteSentinel Integra 100 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1\nSiteSentinel Integra 500 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1\nSiteSentinel iSite ATG Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1. Several OPW products have authentication bypass vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "BID",
"id": "100563"
},
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "VULMON",
"id": "CVE-2017-12733"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12733",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-04",
"trust": 3.5
},
{
"db": "BID",
"id": "100563",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24367",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911",
"trust": 0.8
},
{
"db": "IVD",
"id": "ED1D7081-51F5-4C7D-9067-973DBF8E3B1F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103285",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12733",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"db": "BID",
"id": "100563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"id": "VAR-201709-1008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "VULHUB",
"id": "VHN-103285"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
}
]
},
"last_update_date": "2023-12-18T13:24:19.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "M00-20-4438 - SiteSentinel Integra and iSite Software Upgrade Procedure",
"trust": 0.8,
"url": "http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14"
},
{
"title": "Patch for OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101385"
},
{
"title": "Multiple OPW Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74537"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-04"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/100563"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12733"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12733"
},
{
"trust": 0.3,
"url": "http://www.opwglobal.com/"
},
{
"trust": 0.3,
"url": "http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14"
},
{
"trust": 0.3,
"url": "http://www.opwglobal.com/docs/libraries/technical-bulletins/electronic-systems/fuel-control-and-tank-gauging/service-bulletins/sb-ofms-462.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"db": "BID",
"id": "100563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"db": "VULHUB",
"id": "VHN-103285"
},
{
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"db": "BID",
"id": "100563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"date": "2017-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-103285"
},
{
"date": "2017-09-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"date": "2017-08-30T00:00:00",
"db": "BID",
"id": "100563"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"date": "2017-09-09T01:29:02.423000",
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24367"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-103285"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12733"
},
{
"date": "2017-08-30T00:00:00",
"db": "BID",
"id": "100563"
},
{
"date": "2017-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007911"
},
{
"date": "2019-10-09T23:23:13.373000",
"db": "NVD",
"id": "CVE-2017-12733"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural OPW Fuel Management Systems SiteSentinel Vulnerability related to lack of certification for critical functions in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "ed1d7081-51f5-4c7d-9067-973dbf8e3b1f"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-082"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…