Details of VAR-201708-1417

ID

VAR-201708-1417

CVE

CVE-2017-9632

TITLE

plural PDQ Manufacturing Cryptographic vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007167

DESCRIPTION

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely. plural PDQ Manufacturing The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PDQ Manufacturing LaserWash G5 and others are all automotive automatic cleaning equipment from PDQ Manufacturing. There are security vulnerabilities in several PDQ products due to the failure of the program to pass the username and password in a secure manner. An attacker can use this vulnerability to gain access to the system and issue commands that affect the normal operation of the system. An authentication bypass vulnerability 2

Trust: 2.7

sources: NVD: CVE-2017-9632 // JVNDB: JVNDB-2017-007167 // CNVD: CNVD-2017-23005 // BID: 100133 // IVD: 2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3 // VULHUB: VHN-117835

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3 // CNVD: CNVD-2017-23005

AFFECTED PRODUCTS

vendor:	pdqinc	model:	laserwash autoxpress plus	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserjet	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash g5 s	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch tandem	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash 360 plus	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash m5	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash 360	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch icon	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	protouch autogloss	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash autoxpress	scope:	eq	version:	-	Trust: 1.6
vendor:	pdqinc	model:	laserwash g5	scope:	eq	version:	-	Trust: 1.0
vendor:	pdq manufacturing	model:	laserjet	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash 360 plus	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash 360	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash autoexpress plus	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash autoxpress	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash g5 s series	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash g5	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	laserwash m5	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch autogloss	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch icon	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq manufacturing	model:	protouch tandem	scope:	eq	version:	-	Trust: 0.8
vendor:	pdq	model:	manufacturing laserwash g5	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash g5 s	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash m5	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash	scope:	eq	version:	360	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash plus	scope:	eq	version:	360	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash autoxpress	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserwash autoexpress plus	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing laserjet	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch tandem	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch icon	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing protouch autogloss	scope:	-	version:	-	Trust: 0.6
vendor:	pdq	model:	manufacturing inc protouch tandem	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc protouch icon	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc protouch autogloss	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash m5	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash g5 s	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash g5	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash autoxpress	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash autoexpress plus	scope:	eq	version:	0	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash plus	scope:	eq	version:	3600	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserwash	scope:	eq	version:	3600	Trust: 0.3
vendor:	pdq	model:	manufacturing inc laserjet	scope:	eq	version:	0	Trust: 0.3
vendor:	laserwash g5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch icon	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch autogloss	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash g5 s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash m5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash 360	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash 360 plus	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash autoxpress	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserwash autoxpress plus	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	laserjet	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	protouch tandem	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3 // CNVD: CNVD-2017-23005 // BID: 100133 // JVNDB: JVNDB-2017-007167 // CNNVD: CNNVD-201708-154 // NVD: CVE-2017-9632

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9632
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9632
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-23005
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-154
value:	CRITICAL
Trust: 0.6
IVD:	2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-117835
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9632
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23005
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-117835
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9632
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3 // CNVD: CNVD-2017-23005 // VULHUB: VHN-117835 // JVNDB: JVNDB-2017-007167 // CNNVD: CNNVD-201708-154 // NVD: CVE-2017-9632

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-117835 // JVNDB: JVNDB-2017-007167 // NVD: CVE-2017-9632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-154

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201708-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007167

PATCH

title:	Top Page	url:	https://www.pdqinc.com/	Trust: 0.8
title:	Patch for multiple PDQ product rights acquisition vulnerabilities (CNVD-2017-23005)	url:	https://www.cnvd.org.cn/patchInfo/show/100890	Trust: 0.6
title:	Multiple PDQ Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72389	Trust: 0.6

sources: CNVD: CNVD-2017-23005 // JVNDB: JVNDB-2017-007167 // CNNVD: CNNVD-201708-154

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9632	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-208-03	Trust: 3.4
db:	CNNVD	id:	CNNVD-201708-154	Trust: 0.9
db:	CNVD	id:	CNVD-2017-23005	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007167	Trust: 0.8
db:	BID	id:	100133	Trust: 0.3
db:	IVD	id:	2CCB15EA-1CC2-462E-ABC8-C9DBD66EA3D3	Trust: 0.2
db:	VULHUB	id:	VHN-117835	Trust: 0.1

sources: IVD: 2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3 // CNVD: CNVD-2017-23005 // VULHUB: VHN-117835 // BID: 100133 // JVNDB: JVNDB-2017-007167 // CNNVD: CNNVD-201708-154 // NVD: CVE-2017-9632

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-208-03	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9632	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9632	Trust: 0.8
url:	http://www.pdqinc.com/	Trust: 0.3

sources: CNVD: CNVD-2017-23005 // VULHUB: VHN-117835 // BID: 100133 // JVNDB: JVNDB-2017-007167 // CNNVD: CNNVD-201708-154 // NVD: CVE-2017-9632

CREDITS

Billy Rios and Jonathan Butts of WhiteScope and independent security researcher Terry McCorkle.

Trust: 0.3

sources: BID: 100133

SOURCES

db:	IVD	id:	2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3
db:	CNVD	id:	CNVD-2017-23005
db:	VULHUB	id:	VHN-117835
db:	BID	id:	100133
db:	JVNDB	id:	JVNDB-2017-007167
db:	CNNVD	id:	CNNVD-201708-154
db:	NVD	id:	CVE-2017-9632

LAST UPDATE DATE

2025-04-20T23:32:06.035000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-23005	date:	2017-08-26T00:00:00
db:	VULHUB	id:	VHN-117835	date:	2019-10-09T00:00:00
db:	BID	id:	100133	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007167	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201708-154	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9632	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	2ccb15ea-1cc2-462e-abc8-c9dbd66ea3d3	date:	2017-08-26T00:00:00
db:	CNVD	id:	CNVD-2017-23005	date:	2017-08-26T00:00:00
db:	VULHUB	id:	VHN-117835	date:	2017-08-07T00:00:00
db:	BID	id:	100133	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-007167	date:	2017-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201708-154	date:	2017-07-27T00:00:00
db:	NVD	id:	CVE-2017-9632	date:	2017-08-07T08:29:00.400