Details of VAR-201708-1416

ID

VAR-201708-1416

CVE

CVE-2017-9630

TITLE

plural PDQ Manufacturing Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007166

DESCRIPTION

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The web server does not properly verify that provided authentication information is correct. plural PDQ Manufacturing The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PDQ Manufacturing LaserWash G5 and others are all automotive automatic cleaning equipment from PDQ Manufacturing. Web-server is one of the web servers. An attacker can use this vulnerability to gain access to the system and issue commands that affect the normal operation of the system. An authentication bypass vulnerability 2

Trust: 2.7

sources: NVD: CVE-2017-9630 // JVNDB: JVNDB-2017-007166 // CNVD: CNVD-2017-23006 // BID: 100133 // IVD: 636a6fd1-d79a-40a5-9522-e6e1373e1d08 // VULHUB: VHN-117833

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 636a6fd1-d79a-40a5-9522-e6e1373e1d08 // CNVD: CNVD-2017-23006

AFFECTED PRODUCTS

vendor:	pdqinc	model:	laserwash autoxpress plus	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserjet	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash g5 s	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch tandem	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash 360 plus	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash m5	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash 360	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch icon	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch autogloss	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash autoxpress	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash g5	scope:	eq	version:	-	Trust: 1.0
vendor:	pdq manufacturing	model:	laserjet	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash 360 plus	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash 360	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash autoexpress plus	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash autoxpress	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash g5 s series	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash g5	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash m5	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch autogloss	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch icon	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch tandem	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq	model:	manufacturing laserwash g5	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash g5 s	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash m5	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash	scope:	eq	version:	360	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash plus	scope:	eq	version:	360	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash autoxpress	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash autoexpress plus	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserjet	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch tandem	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch icon	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch autogloss	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing inc protouch tandem	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc protouch icon	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc protouch autogloss	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash m5	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash g5 s	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash g5	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash autoxpress	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash autoexpress plus	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash plus	scope:	eq	version:	3600	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash	scope:	eq	version:	3600	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserjet	scope:	eq	version:	0	Trust: 0.3
vendor:	laserwash g5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch icon	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch autogloss	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash g5 s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash m5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash 360	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash 360 plus	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash autoxpress	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash autoxpress plus	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserjet	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch tandem	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 636a6fd1-d79a-40a5-9522-e6e1373e1d08 // CNVD: CNVD-2017-23006 // BID: 100133 // JVNDB: JVNDB-2017-007166 // CNNVD: CNNVD-201708-155 // NVD: CVE-2017-9630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9630
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9630
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-23006
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-155
value:	CRITICAL
Trust: 0.6
IVD:	636a6fd1-d79a-40a5-9522-e6e1373e1d08
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-117833
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-9630
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23006
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	636a6fd1-d79a-40a5-9522-e6e1373e1d08
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-117833
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9630
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.5
version:	3.0
Trust: 1.8

sources: IVD: 636a6fd1-d79a-40a5-9522-e6e1373e1d08 // CNVD: CNVD-2017-23006 // VULHUB: VHN-117833 // JVNDB: JVNDB-2017-007166 // CNNVD: CNNVD-201708-155 // NVD: CVE-2017-9630

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-117833 // JVNDB: JVNDB-2017-007166 // NVD: CVE-2017-9630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-155

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201708-155

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007166

PATCH

title:	Top Page	url:	https://www.pdqinc.com/	Trust: 0.8
title:	Patches for multiple PDQ product permissions to obtain vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/100891	Trust: 0.6
title:	Multiple PDQ Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72390	Trust: 0.6

sources: CNVD: CNVD-2017-23006 // JVNDB: JVNDB-2017-007166 // CNNVD: CNNVD-201708-155

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9630	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-208-03	Trust: 3.4
db:	CNNVD	id:	CNNVD-201708-155	Trust: 0.9
db:	CNVD	id:	CNVD-2017-23006	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007166	Trust: 0.8
db:	BID	id:	100133	Trust: 0.3
db:	IVD	id:	636A6FD1-D79A-40A5-9522-E6E1373E1D08	Trust: 0.2
db:	VULHUB	id:	VHN-117833	Trust: 0.1

sources: IVD: 636a6fd1-d79a-40a5-9522-e6e1373e1d08 // CNVD: CNVD-2017-23006 // VULHUB: VHN-117833 // BID: 100133 // JVNDB: JVNDB-2017-007166 // CNNVD: CNNVD-201708-155 // NVD: CVE-2017-9630

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-208-03	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9630	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9630	Trust: 0.8
url:	http://www.pdqinc.com/	Trust: 0.3

sources: CNVD: CNVD-2017-23006 // VULHUB: VHN-117833 // BID: 100133 // JVNDB: JVNDB-2017-007166 // CNNVD: CNNVD-201708-155 // NVD: CVE-2017-9630

CREDITS

Billy Rios and Jonathan Butts of WhiteScope and independent security researcher Terry McCorkle.

Trust: 0.3

sources: BID: 100133

SOURCES

db:	IVD	id:	636a6fd1-d79a-40a5-9522-e6e1373e1d08
db:	CNVD	id:	CNVD-2017-23006
db:	VULHUB	id:	VHN-117833
db:	BID	id:	100133
db:	JVNDB	id:	JVNDB-2017-007166
db:	CNNVD	id:	CNNVD-201708-155
db:	NVD	id:	CVE-2017-9630

LAST UPDATE DATE

2025-04-20T23:32:05.994000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-23006	date:	2017-08-26T00:00:00
db:	VULHUB	id:	VHN-117833	date:	2019-10-09T00:00:00
db:	BID	id:	100133	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007166	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201708-155	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9630	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	636a6fd1-d79a-40a5-9522-e6e1373e1d08	date:	2017-08-26T00:00:00
db:	CNVD	id:	CNVD-2017-23006	date:	2017-08-26T00:00:00
db:	VULHUB	id:	VHN-117833	date:	2017-08-07T00:00:00
db:	BID	id:	100133	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007166	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201708-155	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-9630	date:	2017-08-07T08:29:00.370