VAR-201802-0616
Vulnerability from variot - Updated: 2023-12-18 13:19An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. Schneider Electric IGSS Mobile is a set of mobile application for managing IGSS (Shared Services Platform) by Schneider Electric of France. An attacker could use this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0616",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "igss mobile",
"scope": "lte",
"trust": 1.8,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "electric igss mobile app",
"scope": "lte",
"trust": 0.6,
"vendor": "schneider",
"version": "\u003c=3.01"
},
{
"model": "igss mobile",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "igss mobile for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.01"
},
{
"model": "igss mobile for android",
"scope": "eq",
"trust": 0.3,
"vendor": "schneider electric",
"version": "3.01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "BID",
"id": "103046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "3.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:schneider-electric:igss_mobile:*:*:*:*:*:android:*:*",
"cpe_name": [],
"versionEndIncluding": "3.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9969"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Bolshev (IOActive) and Ivan Yushkevich (Embedi)",
"sources": [
{
"db": "BID",
"id": "103046"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9969",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9969",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-05675",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9969",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9969",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05675",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1079",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-9969",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in Schneider Electric\u0027s IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information. Schneider Electric IGSS Mobile is a set of mobile application for managing IGSS (Shared Services Platform) by Schneider Electric of France. An attacker could use this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "BID",
"id": "103046"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9969",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-046-03",
"trust": 2.8
},
{
"db": "BID",
"id": "103046",
"trust": 2.6
},
{
"db": "SCHNEIDER",
"id": "SEVD-2018-039-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-05675",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-9969",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"db": "BID",
"id": "103046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"id": "VAR-201802-0616",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
}
]
},
"last_update_date": "2023-12-18T13:19:15.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2018-039-02",
"trust": 0.8,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9561605997\u0026p_file_name=sevd-2018-039-02+igss+mobile.pdf\u0026p_reference=sevd-2018-039-02"
},
{
"title": "Patch for Schneider Electric IGSS Mobile Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122057"
},
{
"title": "Schneider Electric IGSS Mobile Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99877"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/zzzteph/zzzteph "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-03"
},
{
"trust": 1.7,
"url": "https://www.schneider-electric.com/en/download/document/sevd-2018-039-02/"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103046"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9969"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9969"
},
{
"trust": 0.3,
"url": "http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true"
},
{
"trust": 0.3,
"url": "https://download.schneider-electric.com/files?p_endoctype=technical+leaflet\u0026p_file_id=9111551123\u0026p_file_name=sevd-2018-039-02+igss+mobile.pdf\u0026p_reference=sevd-2018-039-02"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"db": "BID",
"id": "103046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"db": "BID",
"id": "103046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"date": "2018-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"date": "2018-02-08T00:00:00",
"db": "BID",
"id": "103046"
},
{
"date": "2018-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"date": "2018-02-12T23:29:00.403000",
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"date": "2017-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9969"
},
{
"date": "2018-02-08T00:00:00",
"db": "BID",
"id": "103046"
},
{
"date": "2018-03-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012625"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9969"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "103046"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Schneider Electric IGSS Mobile Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05675"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1079"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…