ID
VAR-E-201710-0369
CVE
| cve_id: | CVE-2017-14013 | Trust: 0.3 |
| cve_id: | CVE-2017-14005 | Trust: 0.3 |
| cve_id: | CVE-2017-14009 | Trust: 0.3 |
| cve_id: | CVE-2017-14007 | Trust: 0.3 |
| cve_id: | CVE-2017-14011 | Trust: 0.3 |
TITLE
MultiFLEX M10a Controller Multiple Security Vulnerabilities
Trust: 0.3
DESCRIPTION
MultiFLEX M10a Controller is prone to the following multiple security vulnerabilities:
1. Multiple security-bypass vulnerabilities
2. An information-disclosure vulnerability
3. A cross-site request-forgery vulnerability
Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gaining unauthorized access to the affected device and obtaining sensitive information; other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | prominent | model: | multiflex m10a controller | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
An attacker can exploit these issues through a browser or readily available tools. To exploit the cross-site request-forgery issue, the attacker must entice an unsuspecting victim into following a malicious URI.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Maxim Rupp
Trust: 0.3
EXTERNAL IDS
| db: | ICS CERT | id: | ICSA-17-285-01 | Trust: 0.3 |
| db: | NVD | id: | CVE-2017-14013 | Trust: 0.3 |
| db: | NVD | id: | CVE-2017-14005 | Trust: 0.3 |
| db: | NVD | id: | CVE-2017-14009 | Trust: 0.3 |
| db: | NVD | id: | CVE-2017-14007 | Trust: 0.3 |
| db: | NVD | id: | CVE-2017-14011 | Trust: 0.3 |
| db: | BID | id: | 101259 | Trust: 0.3 |
REFERENCES
| url: | https://www.prominent.us/ | Trust: 0.3 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-285-01 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 101259 |
LAST UPDATE DATE
2022-07-27T09:44:43.382000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 101259 | date: | 2017-10-13T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 101259 | date: | 2017-10-13T00:00:00 |