ID

VAR-201709-1004


CVE

CVE-2017-12699


TITLE

AzeoTech DAQFactory Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007995

DESCRIPTION

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable

Trust: 2.61

sources: NVD: CVE-2017-12699 // JVNDB: JVNDB-2017-007995 // CNVD: CNVD-2017-23889 // BID: 100522 // IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889

AFFECTED PRODUCTS

vendor:azeotechmodel:daqfactoryscope:ltversion:17.1

Trust: 1.4

vendor:azeotechmodel:daqfactoryscope:lteversion:16.3

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:16.3

Trust: 0.9

vendor:azeotechmodel:daqfactoryscope:eqversion:5.91

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.90

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.86

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.85

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.84

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.83

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.2

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.1

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:neversion:17.1

Trust: 0.3

vendor:daqfactorymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889 // BID: 100522 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12699
value: HIGH

Trust: 1.0

NVD: CVE-2017-12699
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-23889
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-087
value: HIGH

Trust: 0.6

IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-12699
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-23889
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-12699
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2017-007995 // NVD: CVE-2017-12699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-087

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007995

PATCH

title:Top Pageurl:http://www.azeotech.com/daqfactory.php

Trust: 0.8

title:AzeoTech DAQFactory is not authorized to modify the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/101184

Trust: 0.6

title:AzeoTech DAQFactory Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74542

Trust: 0.6

sources: CNVD: CNVD-2017-23889 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087

EXTERNAL IDS

db:NVDid:CVE-2017-12699

Trust: 3.5

db:ICS CERTid:ICSA-17-241-01

Trust: 3.3

db:BIDid:100522

Trust: 1.9

db:CNVDid:CNVD-2017-23889

Trust: 0.8

db:CNNVDid:CNNVD-201709-087

Trust: 0.8

db:JVNDBid:JVNDB-2017-007995

Trust: 0.8

db:IVDid:3EB14E05-8B6E-4072-B09A-1FA9B86F3B73

Trust: 0.2

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889 // BID: 100522 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-241-01

Trust: 3.3

url:http://www.securityfocus.com/bid/100522

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12699

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12699

Trust: 0.8

url:http://www.azeotech.com/index.php

Trust: 0.3

url:https://www.azeotech.com/j/revision-history.html

Trust: 0.3

sources: CNVD: CNVD-2017-23889 // BID: 100522 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100522

SOURCES

db:IVDid:3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
db:CNVDid:CNVD-2017-23889
db:BIDid:100522
db:JVNDBid:JVNDB-2017-007995
db:CNNVDid:CNNVD-201709-087
db:NVDid:CVE-2017-12699

LAST UPDATE DATE

2025-04-20T23:25:57.059000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-23889date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007995date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201709-087date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12699date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:IVDid:3eb14e05-8b6e-4072-b09a-1fa9b86f3b73date:2017-08-30T00:00:00
db:CNVDid:CNVD-2017-23889date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007995date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201709-087date:2017-08-29T00:00:00
db:NVDid:CVE-2017-12699date:2017-09-09T01:29:02.363