ID

VAR-201704-1571


CVE

CVE-2017-7689


TITLE

Schneider Electric homeLYnk Controller Command injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-003127 // CNNVD: CNNVD-201704-582

DESCRIPTION

A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. A remote attacker exploited the vulnerability to obtain sensitive information. An attacker can exploit this issue to execute arbitrary commands on the affected system with root privileges. This may aid in further attacks.

Trust: 2.7

sources: NVD: CVE-2017-7689 // JVNDB: JVNDB-2017-003127 // CNVD: CNVD-2017-05430 // BID: 97585 // IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // VULHUB: VHN-115892

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // CNVD: CNVD-2017-05430

AFFECTED PRODUCTS

vendor: schneider electric, model: homelynk controller lss100100, scope: lt, version: 1.5.0

Trust: 1.8

vendor: schneider, model: electric homelynk controller, scope: lt, version: 1.5.0

Trust: 0.6

vendor: schneider electric, model: homelynk controller lss100100, scope: eq, version: 1.3.0

Trust: 0.6

vendor: schneider electric, model: homelynk controller, scope: eq, version: 1.2

Trust: 0.3

vendor: schneider electric, model: homelynk controller, scope: eq, version: 1.0

Trust: 0.3

vendor: schneider electric, model: homelynk controller, scope: ne, version: 1.5

Trust: 0.3

vendor: homelynk controller lss100100, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // CNVD: CNVD-2017-05430 // BID: 97585 // JVNDB: JVNDB-2017-003127 // NVD: CVE-2017-7689 // CNNVD: CNNVD-201704-582

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2017-7689
value: CRITICAL

Trust: 1.8

CNVD: CNVD-2017-05430
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-582
value: CRITICAL

Trust: 0.6

IVD: 83db2f2c-242f-45c9-a939-69b381e4a177
value: CRITICAL

Trust: 0.2

VULHUB: VHN-115892
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2017-7689
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-05430
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 83db2f2c-242f-45c9-a939-69b381e4a177
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-115892
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-7689
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // CNVD: CNVD-2017-05430 // VULHUB: VHN-115892 // JVNDB: JVNDB-2017-003127 // NVD: CVE-2017-7689 // CNNVD: CNNVD-201704-582

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-115892 // JVNDB: JVNDB-2017-003127 // NVD: CVE-2017-7689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-582

TYPE

Command injection

Trust: 0.8

sources: IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // CNNVD: CNNVD-201704-582

CONFIGURATIONS

sources: NVD: CVE-2017-7689

PATCH

title: SEVD-2017-052-02, url: http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-052-02

Trust: 0.8

title: Schneider Electric homeLYnk Controller security bypass vulnerability patch, url: https://www.cnvd.org.cn/patchinfo/show/92793

Trust: 0.6

title: Schneider Electric homeLYnk Controller Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70173

Trust: 0.6

sources: CNVD: CNVD-2017-05430 // JVNDB: JVNDB-2017-003127 // CNNVD: CNNVD-201704-582

EXTERNAL IDS

db: NVD, id: CVE-2017-7689

Trust: 3.6

db: SCHNEIDER, id: SEVD-2017-052-02

Trust: 2.6

db: ICS CERT, id: ICSA-17-019-01A

Trust: 2.5

db: BID, id: 97585

Trust: 2.0

db: CNNVD, id: CNNVD-201704-582

Trust: 0.9

db: CNVD, id: CNVD-2017-05430

Trust: 0.8

db: JVNDB, id: JVNDB-2017-003127

Trust: 0.8

db: IVD, id: 83DB2F2C-242F-45C9-A939-69B381E4A177

Trust: 0.2

db: VULHUB, id: VHN-115892

Trust: 0.1

sources: IVD: 83db2f2c-242f-45c9-a939-69b381e4a177 // CNVD: CNVD-2017-05430 // VULHUB: VHN-115892 // BID: 97585 // JVNDB: JVNDB-2017-003127 // NVD: CVE-2017-7689 // CNNVD: CNNVD-201704-582

REFERENCES

url:http://download.schneider-electric.com/files?p_doc_ref=sevd-2017-052-02

Trust: 2.6

url:https://ics-cert.us-cert.gov/advisories/icsa-17-019-01a

Trust: 2.5

url:http://www.securityfocus.com/bid/97585

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-7689

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7689

Trust: 0.8

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

sources: CNVD: CNVD-2017-05430 // VULHUB: VHN-115892 // BID: 97585 // JVNDB: JVNDB-2017-003127 // NVD: CVE-2017-7689 // CNNVD: CNNVD-201704-582

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97585

SOURCES

db: IVD, id: 83db2f2c-242f-45c9-a939-69b381e4a177
db: CNVD, id: CNVD-2017-05430
db: VULHUB, id: VHN-115892
db: BID, id: 97585
db: JVNDB, id: JVNDB-2017-003127
db: NVD, id: CVE-2017-7689
db: CNNVD, id: CNNVD-201704-582

LAST UPDATE DATE

2023-12-18T12:20:03.286000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-05430, date: 2017-04-26T00:00:00
db: VULHUB, id: VHN-115892, date: 2017-04-18T00:00:00
db: BID, id: 97585, date: 2017-04-18T00:04:00
db: JVNDB, id: JVNDB-2017-003127, date: 2017-05-16T00:00:00
db: NVD, id: CVE-2017-7689, date: 2022-02-02T02:13:51.540
db: CNNVD, id: CNNVD-201704-582, date: 2022-02-07T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 83db2f2c-242f-45c9-a939-69b381e4a177, date: 2017-04-26T00:00:00
db: CNVD, id: CNVD-2017-05430, date: 2017-04-26T00:00:00
db: VULHUB, id: VHN-115892, date: 2017-04-11T00:00:00
db: BID, id: 97585, date: 2017-02-21T00:00:00
db: JVNDB, id: JVNDB-2017-003127, date: 2017-05-16T00:00:00
db: NVD, id: CVE-2017-7689, date: 2017-04-11T21:59:00.150
db: CNNVD, id: CNNVD-201704-582, date: 2017-04-11T00:00:00