Details of VAR-201708-0988

ID

VAR-201708-0988

CVE

CVE-2017-11494

TITLE

SOL.Connect ISET-mpp meter In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-006704

DESCRIPTION

SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. SOL.Connect ISET-mpp meter Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SOL.Connect ISET-mpp meter is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SOL.Connect ISET-mpp meter 1.2.4.2 is vulnerable; other versions may also be affected. Popendorf Software Engineering SOL.Connect ISET-mpp meter is a photovoltaic equipment data acquisition meter from Popendorf Software Engineering in Germany

Trust: 1.98

sources: NVD: CVE-2017-11494 // JVNDB: JVNDB-2017-006704 // BID: 100067 // VULHUB: VHN-101922

AFFECTED PRODUCTS

vendor:	sol connect	model:	sol.connect iset-mpp meter	scope:	eq	version:	1.2.4.2	Trust: 1.6
vendor:	papendorf engineering	model:	sol.connect iset-mpp meter	scope:	lte	version:	1.2.4.2	Trust: 0.8
vendor:	papendorf	model:	software engineering sol.connect iset-mpp meter	scope:	eq	version:	1.2.4.2	Trust: 0.3

sources: BID: 100067 // JVNDB: JVNDB-2017-006704 // CNNVD: CNNVD-201707-927 // NVD: CVE-2017-11494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-11494
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-11494
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201707-927
value:	HIGH
Trust: 0.6
VULHUB:	VHN-101922
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-11494
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-101922
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-11494
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-101922 // JVNDB: JVNDB-2017-006704 // CNNVD: CNNVD-201707-927 // NVD: CVE-2017-11494

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-101922 // JVNDB: JVNDB-2017-006704 // NVD: CVE-2017-11494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-927

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201707-927

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006704

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-101922

PATCH

title:

SOL.Connect meter mpp

url:

http://sol-connect.de/front_content.php?idart=32

Trust: 0.8

sources: JVNDB: JVNDB-2017-006704

EXTERNAL IDS

db:	NVD	id:	CVE-2017-11494	Trust: 2.8
db:	BID	id:	100067	Trust: 1.4
db:	EXPLOIT-DB	id:	42408	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-006704	Trust: 0.8
db:	CNNVD	id:	CNNVD-201707-927	Trust: 0.6
db:	PACKETSTORM	id:	143585	Trust: 0.1
db:	VULHUB	id:	VHN-101922	Trust: 0.1

sources: VULHUB: VHN-101922 // BID: 100067 // JVNDB: JVNDB-2017-006704 // CNNVD: CNNVD-201707-927 // NVD: CVE-2017-11494

REFERENCES

url:	http://www.securityfocus.com/archive/1/archive/1/540946/100/0/threaded	Trust: 1.4
url:	http://www.securityfocus.com/bid/100067	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/540946/100/0/threaded	Trust: 1.1
url:	https://www.exploit-db.com/exploits/42408/	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11494	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11494	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/540946	Trust: 0.3
url:	http://sol-connect.de/front_content.php?idart=32	Trust: 0.3

sources: VULHUB: VHN-101922 // BID: 100067 // JVNDB: JVNDB-2017-006704 // CNNVD: CNNVD-201707-927 // NVD: CVE-2017-11494

CREDITS

Andy Tan

Trust: 0.3

sources: BID: 100067

SOURCES

db:	VULHUB	id:	VHN-101922
db:	BID	id:	100067
db:	JVNDB	id:	JVNDB-2017-006704
db:	CNNVD	id:	CNNVD-201707-927
db:	NVD	id:	CVE-2017-11494

LAST UPDATE DATE

2025-04-20T23:15:59.628000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-101922	date:	2018-10-09T00:00:00
db:	BID	id:	100067	date:	2017-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-006704	date:	2017-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201707-927	date:	2017-08-03T00:00:00
db:	NVD	id:	CVE-2017-11494	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-101922	date:	2017-08-02T00:00:00
db:	BID	id:	100067	date:	2017-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-006704	date:	2017-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201707-927	date:	2017-07-21T00:00:00
db:	NVD	id:	CVE-2017-11494	date:	2017-08-02T14:29:00.260