ID

VAR-201705-3685


CVE

CVE-2017-6564


TITLE

Franklin Fueling Systems TS-550 evo Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003716

DESCRIPTION

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This allows an attacker to download sensitive system files from the host machine, such as databases that contain information that can aid in further attacks. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions.

Trust: 1.71

sources: NVD: CVE-2017-6564 // JVNDB: JVNDB-2017-003716 // VULHUB: VHN-114767

AFFECTED PRODUCTS

vendor: franklinfueling, model: ts-550 evo, scope: eq, version: 2.3.0.7332

Trust: 1.6

vendor: franklin fueling, model: ts-550 evo, scope: eq, version: 2.3.0.7332

Trust: 0.8

sources: JVNDB: JVNDB-2017-003716 // CNNVD: CNNVD-201703-389 // NVD: CVE-2017-6564

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6564
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6564
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-389
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114767
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6564
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114767
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6564
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114767 // JVNDB: JVNDB-2017-003716 // CNNVD: CNNVD-201703-389 // NVD: CVE-2017-6564

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-114767 // JVNDB: JVNDB-2017-003716 // NVD: CVE-2017-6564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-389

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-389

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003716

PATCH

title: TS-550 evo & TS-5000 evo, url: http://www.franklinfueling.com/americas/fms/featured/1697/en/ts-550-evo-ts-5000-evo#Highlights

Trust: 0.8

sources: JVNDB: JVNDB-2017-003716

EXTERNAL IDS

db: NVD, id: CVE-2017-6564

Trust: 2.5

db: JVNDB, id: JVNDB-2017-003716

Trust: 0.8

db: CNNVD, id: CNNVD-201703-389

Trust: 0.7

db: VULHUB, id: VHN-114767

Trust: 0.1

sources: VULHUB: VHN-114767 // JVNDB: JVNDB-2017-003716 // CNNVD: CNNVD-201703-389 // NVD: CVE-2017-6564

REFERENCES

url: http://www.u235.io/single-post/2017/05/01/penetrating-fuel-management-systems

Trust: 2.5

url: https://gist.github.com/stick-u235/b187931f828e92866d09b9bdeb956ca2

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6564

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-6564

Trust: 0.8

sources: VULHUB: VHN-114767 // JVNDB: JVNDB-2017-003716 // CNNVD: CNNVD-201703-389 // NVD: CVE-2017-6564

SOURCES

db: VULHUB, id: VHN-114767
db: JVNDB, id: JVNDB-2017-003716
db: CNNVD, id: CNNVD-201703-389
db: NVD, id: CVE-2017-6564

LAST UPDATE DATE

2025-04-20T23:29:41.897000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114767, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-003716, date: 2017-06-05T00:00:00
db: CNNVD, id: CNNVD-201703-389, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6564, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114767, date: 2017-05-01T00:00:00
db: JVNDB, id: JVNDB-2017-003716, date: 2017-06-05T00:00:00
db: CNNVD, id: CNNVD-201703-389, date: 2017-03-10T00:00:00
db: NVD, id: CVE-2017-6564, date: 2017-05-01T19:59:00.160