Details of VAR-201705-3542

ID

VAR-201705-3542

CVE

CVE-2017-6048

TITLE

Satel Iberia of SenNet Data Logger and Electricity Meters Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004293

DESCRIPTION

A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system. SatelSenNetOptimalDataLogger, SenNetSolarDatalogger and SenNetMultitaskMeter are products of Satel, Spain. Both SenNetOptimalDataLogger and SenNetSolarDatalogger are data collectors. The SenNetMultitaskMeter is a multi-function meter. There are command injection vulnerabilities in several Satel products. SenNet Data Logger and Electricity Meters are prone to a remote command-injection vulnerability. Successful exploit allows an attacker to execute arbitrary commands in the context of the affected devices

Trust: 2.61

sources: NVD: CVE-2017-6048 // JVNDB: JVNDB-2017-004293 // CNVD: CNVD-2017-06954 // BID: 98417 // IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee // CNVD: CNVD-2017-06954

AFFECTED PRODUCTS

vendor:	satel iberia	model:	sennet multitask meter	scope:	lte	version:	5.21a-1.18b	Trust: 1.0
vendor:	satel iberia	model:	sennet solar datalogger	scope:	lte	version:	5.03-1.56a	Trust: 1.0
vendor:	satel iberia	model:	sennet optimal datalogger	scope:	lte	version:	5.37c-1.43c	Trust: 1.0
vendor:	satel iberia	model:	sennet multitask meter	scope:	lte	version:	v5.21a-1.18b	Trust: 0.8
vendor:	satel iberia	model:	sennet optimal datalogger	scope:	lte	version:	v5.37c-1.43c	Trust: 0.8
vendor:	satel iberia	model:	sennet solar datalogger	scope:	lte	version:	v5.03-1.56a	Trust: 0.8
vendor:	satel	model:	iberia sennet multitask meter <=v5.21a-1.18b	scope:	-	version:	-	Trust: 0.6
vendor:	satel	model:	iberia sennet solar datalogger <=v5.03-1.56a	scope:	-	version:	-	Trust: 0.6
vendor:	satel	model:	iberia sennet optimal datalogger <=v5.37c-1.43c	scope:	-	version:	-	Trust: 0.6
vendor:	satel iberia	model:	sennet solar datalogger	scope:	eq	version:	5.03-1.56a	Trust: 0.6
vendor:	satel iberia	model:	sennet multitask meter	scope:	eq	version:	5.21a-1.18b	Trust: 0.6
vendor:	satel iberia	model:	sennet optimal datalogger	scope:	eq	version:	5.37c-1.43c	Trust: 0.6
vendor:	satel	model:	iberia sennet solar datalogger 5.03-1.56a	scope:	-	version:	-	Trust: 0.3
vendor:	satel	model:	iberia sennet optimal datalogger 5.37c-1.43c	scope:	-	version:	-	Trust: 0.3
vendor:	satel	model:	iberia sennet multitask meter 5.21a-1.18b	scope:	-	version:	-	Trust: 0.3
vendor:	sennet multitask meter	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sennet optimal datalogger	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sennet solar datalogger	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee // CNVD: CNVD-2017-06954 // BID: 98417 // JVNDB: JVNDB-2017-004293 // CNNVD: CNNVD-201705-640 // NVD: CVE-2017-6048

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6048
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6048
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-06954
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201705-640
value:	HIGH
Trust: 0.6
IVD:	404d7f07-4689-4f7c-950c-b795eea8b7ee
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-6048
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-06954
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	404d7f07-4689-4f7c-950c-b795eea8b7ee
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-6048
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee // CNVD: CNVD-2017-06954 // JVNDB: JVNDB-2017-004293 // CNNVD: CNNVD-201705-640 // NVD: CVE-2017-6048

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.8

sources: JVNDB: JVNDB-2017-004293 // NVD: CVE-2017-6048

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-640

TYPE

Command injection

Trust: 0.8

sources: IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee // CNNVD: CNNVD-201705-640

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004293

PATCH

title:	Top Page	url:	http://www.satel-iberia.com/	Trust: 0.8
title:	Patches for various Satel product command injection vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/93947	Trust: 0.6
title:	Multiple Satel Product Command Injection Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70110	Trust: 0.6

sources: CNVD: CNVD-2017-06954 // JVNDB: JVNDB-2017-004293 // CNNVD: CNNVD-201705-640

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6048	Trust: 3.5
db:	ICS CERT	id:	ICSA-17-131-02	Trust: 3.3
db:	CNVD	id:	CNVD-2017-06954	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-640	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-004293	Trust: 0.8
db:	BID	id:	98417	Trust: 0.3
db:	IVD	id:	404D7F07-4689-4F7C-950C-B795EEA8B7EE	Trust: 0.2

sources: IVD: 404d7f07-4689-4f7c-950c-b795eea8b7ee // CNVD: CNVD-2017-06954 // BID: 98417 // JVNDB: JVNDB-2017-004293 // CNNVD: CNNVD-201705-640 // NVD: CVE-2017-6048

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-131-02	Trust: 3.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6048	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6048	Trust: 0.8
url:	http://www.sennetmonitoring.com/en/dataloggers/	Trust: 0.3
url:	http://www.sennetmonitoring.com/en/electricity-meters/	Trust: 0.3

sources: CNVD: CNVD-2017-06954 // BID: 98417 // JVNDB: JVNDB-2017-004293 // CNNVD: CNNVD-201705-640 // NVD: CVE-2017-6048

CREDITS

Karn Ganeshan

Trust: 0.3

sources: BID: 98417

SOURCES

db:	IVD	id:	404d7f07-4689-4f7c-950c-b795eea8b7ee
db:	CNVD	id:	CNVD-2017-06954
db:	BID	id:	98417
db:	JVNDB	id:	JVNDB-2017-004293
db:	CNNVD	id:	CNNVD-201705-640
db:	NVD	id:	CVE-2017-6048

LAST UPDATE DATE

2025-04-20T23:35:50.268000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-06954	date:	2017-05-18T00:00:00
db:	BID	id:	98417	date:	2017-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-004293	date:	2017-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201705-640	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6048	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	404d7f07-4689-4f7c-950c-b795eea8b7ee	date:	2017-05-18T00:00:00
db:	CNVD	id:	CNVD-2017-06954	date:	2017-05-18T00:00:00
db:	BID	id:	98417	date:	2017-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2017-004293	date:	2017-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201705-640	date:	2017-05-12T00:00:00
db:	NVD	id:	CVE-2017-6048	date:	2017-05-19T03:29:00.543