VAR-201710-1319
Vulnerability from variot - Updated: 2023-12-18 13:02An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd's intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envidas ultimate",
"scope": "lte",
"trust": 1.0,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "envidas ultimate",
"scope": "lt",
"trust": 0.8,
"vendor": "envitech",
"version": "1.0.0.5"
},
{
"model": "envidas ultimate",
"scope": "lt",
"trust": 0.6,
"vendor": "envitech",
"version": "v1.0.0.5"
},
{
"model": "envidas ultimate",
"scope": "eq",
"trust": 0.6,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "ltd envidas ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "ltd envidas ultimate",
"scope": "ne",
"trust": 0.3,
"vendor": "envitech",
"version": "1.0.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "envidas ultimate",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:envitech:envidas_ultimate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Can Demirel and Deniz ?evik of Biznet Bilisim",
"sources": [
{
"db": "BID",
"id": "101249"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9625",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-29974",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9625",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9625",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-29974",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-577",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd\u0027s intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9625",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-285-03",
"trust": 3.3
},
{
"db": "BID",
"id": "101249",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-29974",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513",
"trust": 0.8
},
{
"db": "IVD",
"id": "3A32BA24-6E0F-4236-9CC1-A3BF2668DDE7",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"id": "VAR-201710-1319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
]
},
"last_update_date": "2023-12-18T13:02:52.382000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.envitech.co.il/"
},
{
"title": "Envitech Ltd EnviDAS Ultimate authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103555"
},
{
"title": "Envitech EnviDAS Ultimate Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100113"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101249"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9625"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9625"
},
{
"trust": 0.3,
"url": "http://envitech.co.il/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"date": "2017-10-12T00:00:00",
"db": "BID",
"id": "101249"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"date": "2017-10-17T22:29:00.463000",
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"date": "2017-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"date": "2017-10-12T00:00:00",
"db": "BID",
"id": "101249"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"date": "2019-10-09T23:30:43.143000",
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Envitech Ltd EnviDAS Ultimate Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…