VAR-201710-0790
Vulnerability from variot - Updated: 2023-12-18 13:38An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. SmartLog Diabetes Management Software is software for tracking and monitoring individual blood glucose levels by connecting a blood glucose meter to a computer via USB. i-SENS SmartLog Diabetes Management Software has a code execution vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartlog diabetes management software",
"scope": "lte",
"trust": 1.8,
"vendor": "i sens",
"version": "2.4.0"
},
{
"model": "smartlog diabetes management software",
"scope": "eq",
"trust": 0.9,
"vendor": "i sens",
"version": "2.4.0"
},
{
"model": "smartlog diabetes management software",
"scope": "lte",
"trust": 0.6,
"vendor": "i sens",
"version": "\u003c=2.4.0"
},
{
"model": "smartlog diabetes management software",
"scope": "ne",
"trust": 0.3,
"vendor": "i sens",
"version": "2.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smartlog diabetes management",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "BID",
"id": "100659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:i-sens:smartlog_diabetes_management_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mark Cross",
"sources": [
{
"db": "BID",
"id": "100659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
],
"trust": 0.9
},
"cve": "CVE-2017-13993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-13993",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-25724",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-13993",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13993",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-25724",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-527",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. SmartLog Diabetes Management Software is software for tracking and monitoring individual blood glucose levels by connecting a blood glucose meter to a computer via USB. i-SENS SmartLog Diabetes Management Software has a code execution vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "BID",
"id": "100659"
},
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13993",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-250-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100659",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-25724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405",
"trust": 0.8
},
{
"db": "IVD",
"id": "78F2231C-FB79-43F8-9428-2A4DAAEB1954",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "BID",
"id": "100659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"id": "VAR-201710-0790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
}
]
},
"last_update_date": "2023-12-18T13:38:51.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SmartLog",
"trust": 0.8,
"url": "http://www.caresens.com.au/products/software/smartlog"
},
{
"title": "Patch for i-SENS SmartLog Diabetes Management Software Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101788"
},
{
"title": "i-SENS SmartLog Diabetes Management Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74734"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-250-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100659"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13993"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13993"
},
{
"trust": 0.3,
"url": "http://www.caresens.com.au/products/software/smartlog"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "BID",
"id": "100659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"db": "BID",
"id": "100659"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"date": "2017-09-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100659"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"date": "2017-10-05T01:29:05.197000",
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"date": "2017-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-25724"
},
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100659"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009405"
},
{
"date": "2019-10-09T23:23:41.343000",
"db": "NVD",
"id": "CVE-2017-13993"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "i-SENS SmartLog Diabetes Management Software Code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNVD",
"id": "CNVD-2017-25724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "78f2231c-fb79-43f8-9428-2a4daaeb1954"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-527"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…