Sign-up

ID

VAR-201709-1004


CVE

CVE-2017-12699


TITLE

AzeoTech DAQFactory Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007995

DESCRIPTION

An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. AzeoTech DAQFactory Contains a permission vulnerability.Information may be obtained and information may be altered. AzeoTech DAQFactory is an HMI/SCADA software. AzeoTech DAQFactory has an unauthorized modification vulnerability that can be replaced or modified by a local non-administrative user. AzeoTech DAQFactory is prone to multiple security vulnerabilities. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications or bypass certain security restrictions and perform unauthorized actions. Versions prior to DAQFactory 17.1 are vulnerable

Trust: 2.61

sources: NVD: CVE-2017-12699 // JVNDB: JVNDB-2017-007995 // CNVD: CNVD-2017-23889 // BID: 100522 // IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889

AFFECTED PRODUCTS

vendor:azeotechmodel:daqfactoryscope:ltversion:17.1

Trust: 1.4

vendor:azeotechmodel:daqfactoryscope:lteversion:16.3

Trust: 1.0

vendor:azeotechmodel:daqfactoryscope:eqversion:16.3

Trust: 0.9

vendor:azeotechmodel:daqfactoryscope:eqversion:5.91

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.90

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.86

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.85

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.84

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:5.83

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.2

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:eqversion:16.1

Trust: 0.3

vendor:azeotechmodel:daqfactoryscope:neversion:17.1

Trust: 0.3

vendor:daqfactorymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889 // BID: 100522 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12699
value: HIGH

Trust: 1.0

NVD: CVE-2017-12699
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-23889
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-087
value: HIGH

Trust: 0.6

IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-12699
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-23889
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-12699
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // CNVD: CNVD-2017-23889 // JVNDB: JVNDB-2017-007995 // CNNVD: CNNVD-201709-087 // NVD: CVE-2017-12699

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2017-007995 // NVD: CVE-2017-12699

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-087

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201709-087

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-007995

PATCH
title:Top Pageurl:http://www.azeotech.com/daqfactory.php
Trust: 0.8
title:AzeoTech DAQFactory is not authorized to modify the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/101184
Trust: 0.6
title:AzeoTech DAQFactory Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74542
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-23889 // 
            
            
            
            JVNDB: JVNDB-2017-007995 // 
            
            
            
            CNNVD: CNNVD-201709-087

EXTERNAL IDS
db:NVDid:CVE-2017-12699
Trust: 3.5
db:ICS CERTid:ICSA-17-241-01
Trust: 3.3
db:BIDid:100522
Trust: 1.9
db:CNVDid:CNVD-2017-23889
Trust: 0.8
db:CNNVDid:CNNVD-201709-087
Trust: 0.8
db:JVNDBid:JVNDB-2017-007995
Trust: 0.8
db:IVDid:3EB14E05-8B6E-4072-B09A-1FA9B86F3B73
Trust: 0.2
sources:
            
            
            IVD: 3eb14e05-8b6e-4072-b09a-1fa9b86f3b73 // 
            
            
            
            CNVD: CNVD-2017-23889 // 
            
            
            
            BID: 100522 // 
            
            
            
            JVNDB: JVNDB-2017-007995 // 
            
            
            
            CNNVD: CNNVD-201709-087 // 
            
            
            
            NVD: CVE-2017-12699

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-241-01
Trust: 3.3
url:http://www.securityfocus.com/bid/100522
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12699
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12699
Trust: 0.8
url:http://www.azeotech.com/index.php
Trust: 0.3
url:https://www.azeotech.com/j/revision-history.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-23889 // 
            
            
            
            BID: 100522 // 
            
            
            
            JVNDB: JVNDB-2017-007995 // 
            
            
            
            CNNVD: CNNVD-201709-087 // 
            
            
            
            NVD: CVE-2017-12699

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 100522

SOURCES
db:IVDid:3eb14e05-8b6e-4072-b09a-1fa9b86f3b73
db:CNVDid:CNVD-2017-23889
db:BIDid:100522
db:JVNDBid:JVNDB-2017-007995
db:CNNVDid:CNNVD-201709-087
db:NVDid:CVE-2017-12699

LAST UPDATE DATE
2025-04-20T23:25:57.059000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-23889date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007995date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201709-087date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12699date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:IVDid:3eb14e05-8b6e-4072-b09a-1fa9b86f3b73date:2017-08-30T00:00:00
db:CNVDid:CNVD-2017-23889date:2017-08-30T00:00:00
db:BIDid:100522date:2017-08-29T00:00:00
db:JVNDBid:JVNDB-2017-007995date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201709-087date:2017-08-29T00:00:00
db:NVDid:CVE-2017-12699date:2017-09-09T01:29:02.363