ID
VAR-201706-0463
CVE
CVE-2017-6039
TITLE
Phoenix Broadband Technologies LLC PowerAgent SC3 Site Controller Security Bypass Vulnerability
Trust: 1.1
sources:
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
CNVD: CNVD-2017-11833 //
BID: 98781
DESCRIPTION
A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. PhoenixBroadbandTechnologies LLC PowerAgentSC3 is a monitoring company launched by American company Phoenix Technology Co., Ltd. Phoenix Broadband PowerAgent SC3 BMS is a remote power detection system of Phoenix Broadband Company in the United States
Trust: 2.7
sources:
NVD: CVE-2017-6039 //
JVNDB: JVNDB-2017-004686 //
CNVD: CNVD-2017-11833 //
BID: 98781 //
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
VULHUB: VHN-114242
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['ICS'] | sub_category: | - | Trust: 0.2 |
sources:
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
CNVD: CNVD-2017-11833
AFFECTED PRODUCTS
| vendor: | phoenixbroadband | model: | poweragent sc3 bms | scope: | lte | version: | 6.86 | Trust: 1.0 |
| vendor: | phoenix broadband | model: | poweragent sc3 bms | scope: | lt | version: | v6.87 | Trust: 0.8 |
| vendor: | phoenix broadband | model: | llc poweragent sc3 site controller | scope: | lt | version: | 6.87 | Trust: 0.6 |
| vendor: | phoenixbroadband | model: | poweragent sc3 bms | scope: | eq | version: | 6.86 | Trust: 0.6 |
| vendor: | poweragent sc3 bms | model: | - | scope: | eq | version: | * | Trust: 0.2 |
sources:
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
CNVD: CNVD-2017-11833 //
JVNDB: JVNDB-2017-004686 //
CNNVD: CNNVD-201706-034 //
NVD: CVE-2017-6039
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
CNVD: CNVD-2017-11833 //
VULHUB: VHN-114242 //
JVNDB: JVNDB-2017-004686 //
CNNVD: CNNVD-201706-034 //
NVD: CVE-2017-6039
PROBLEMTYPE DATA
| problemtype: | CWE-798 | Trust: 1.9 |
| problemtype: | CWE-259 | Trust: 1.0 |
sources:
VULHUB: VHN-114242 //
JVNDB: JVNDB-2017-004686 //
NVD: CVE-2017-6039
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201706-034
TYPE
trust management problem
Trust: 0.6
sources:
CNNVD: CNNVD-201706-034
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-004686
PATCH
| title: | Top Page | url: | http://www.phoenixbroadband.com/ | Trust: 0.8 |
| title: | PhoenixBroadbandTechnologiesLLCPowerAgentSC3SiteController security bypass vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/96629 | Trust: 0.6 |
| title: | Phoenix Broadband PowerAgent SC3 BMS Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70735 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-11833 //
JVNDB: JVNDB-2017-004686 //
CNNVD: CNNVD-201706-034
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-6039 | Trust: 3.6 |
| db: | ICS CERT | id: | ICSA-17-152-01 | Trust: 2.8 |
| db: | BID | id: | 98781 | Trust: 2.6 |
| db: | CNNVD | id: | CNNVD-201706-034 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2017-11833 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-004686 | Trust: 0.8 |
| db: | IVD | id: | 56F9E832-A5F4-4ED5-A700-8484D29EA117 | Trust: 0.2 |
| db: | VULHUB | id: | VHN-114242 | Trust: 0.1 |
sources:
IVD: 56f9e832-a5f4-4ed5-a700-8484d29ea117 //
CNVD: CNVD-2017-11833 //
VULHUB: VHN-114242 //
BID: 98781 //
JVNDB: JVNDB-2017-004686 //
CNNVD: CNNVD-201706-034 //
NVD: CVE-2017-6039
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-152-01 | Trust: 2.8 |
| url: | http://www.securityfocus.com/bid/98781 | Trust: 2.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6039 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-6039 | Trust: 0.8 |
| url: | http://www.phoenixbroadband.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2017-11833 //
VULHUB: VHN-114242 //
BID: 98781 //
JVNDB: JVNDB-2017-004686 //
CNNVD: CNNVD-201706-034 //
NVD: CVE-2017-6039
CREDITS
I?±aki Rodr??guez.
Trust: 0.6
sources:
CNNVD: CNNVD-201706-034
SOURCES
| db: | IVD | id: | 56f9e832-a5f4-4ed5-a700-8484d29ea117 |
| db: | CNVD | id: | CNVD-2017-11833 |
| db: | VULHUB | id: | VHN-114242 |
| db: | BID | id: | 98781 |
| db: | JVNDB | id: | JVNDB-2017-004686 |
| db: | CNNVD | id: | CNNVD-201706-034 |
| db: | NVD | id: | CVE-2017-6039 |
LAST UPDATE DATE
2025-04-20T23:35:49.666000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-11833 | date: | 2017-06-28T00:00:00 |
| db: | VULHUB | id: | VHN-114242 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 98781 | date: | 2017-06-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-004686 | date: | 2017-07-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-034 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-6039 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | IVD | id: | 56f9e832-a5f4-4ed5-a700-8484d29ea117 | date: | 2017-06-28T00:00:00 |
| db: | CNVD | id: | CNVD-2017-11833 | date: | 2017-06-28T00:00:00 |
| db: | VULHUB | id: | VHN-114242 | date: | 2017-06-02T00:00:00 |
| db: | BID | id: | 98781 | date: | 2017-06-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-004686 | date: | 2017-07-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-034 | date: | 2017-06-07T00:00:00 |
| db: | NVD | id: | CVE-2017-6039 | date: | 2017-06-02T14:29:00.200 |