ID

VAR-201709-1007


CVE

CVE-2017-12731


TITLE

SQL injection vulnerability in multiple OPW Fuel Management Systems SiteSentinel products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007910

DESCRIPTION

A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via input supplied by the client. Multiple OPW products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. SQL injection vulnerabilities exist in multiple OPW products.

Trust: 2.7

sources: NVD: CVE-2017-12731 // JVNDB: JVNDB-2017-007910 // CNVD: CNVD-2017-24366 // BID: 100563 // IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // VULHUB: VHN-103283

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // CNVD: CNVD-2017-24366

AFFECTED PRODUCTS

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 191

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 191

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 195

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 189

Trust: 1.6

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 195

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 16q3.1

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 16q3.1

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 195

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 189

Trust: 1.0

vendor: opwglobal // model: sitesentinel integra 500 // scope: lte // version: 175

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 189

Trust: 1.0

vendor: opwglobal // model: sitesentinel integra 100 // scope: lte // version: 175

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 16q3.1

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 191

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: lte // version: 175

Trust: 1.0

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: lt // version: v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: eq // version: v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: eq // version: v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg v16q3.1 // scope: - // version: -

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100<v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra v16q3.1 // scope: eq // version: 100

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500<v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra v16q3.1 // scope: eq // version: 500

Trust: 0.6

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 175

Trust: 0.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 175

Trust: 0.6

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 195

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 191

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 189

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 175

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 170

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console 16q3.1 // scope: - // version: -

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500195

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500191

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500189

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500175

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500170

Trust: 0.3

vendor: opw // model: sitesentinel integra console 16q3.1 // scope: eq // version: 500

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100195

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100191

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100189

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100175

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100170

Trust: 0.3

vendor: opw // model: sitesentinel integra console 16q3.1 // scope: eq // version: 100

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console 17q2.1 // scope: ne // version: -

Trust: 0.3

vendor: opw // model: sitesentinel integra console 17q2.1 // scope: ne // version: 500

Trust: 0.3

vendor: opw // model: sitesentinel integra console 17q2.1 // scope: ne // version: 100

Trust: 0.3

vendor: sitesentinel isite atg // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 195

Trust: 0.2

vendor: sitesentinel integra 500 // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 195

Trust: 0.2

vendor: sitesentinel integra 100 // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 195

Trust: 0.2

sources: IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // CNVD: CNVD-2017-24366 // BID: 100563 // JVNDB: JVNDB-2017-007910 // CNNVD: CNNVD-201709-083 // NVD: CVE-2017-12731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12731
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12731
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-24366
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-083
value: CRITICAL

Trust: 0.6

IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c
value: CRITICAL

Trust: 0.2

VULHUB: VHN-103283
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12731
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-24366
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-103283
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12731
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // CNVD: CNVD-2017-24366 // VULHUB: VHN-103283 // JVNDB: JVNDB-2017-007910 // CNNVD: CNNVD-201709-083 // NVD: CVE-2017-12731

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-103283 // JVNDB: JVNDB-2017-007910 // NVD: CVE-2017-12731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-083

TYPE

SQL injection

Trust: 0.8

sources: IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // CNNVD: CNNVD-201709-083

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007910

PATCH

title: M00-20-4438 - SiteSentinel Integra and iSite Software Upgrade Procedure // url: http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14

Trust: 0.8

title: Patch for OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite SQL Injection Vulnerabilities // url: https://www.cnvd.org.cn/patchInfo/show/101384

Trust: 0.6

title: Repair measures for SQL injection vulnerabilities in multiple OPW products // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74538

Trust: 0.6

sources: CNVD: CNVD-2017-24366 // JVNDB: JVNDB-2017-007910 // CNNVD: CNNVD-201709-083

EXTERNAL IDS

db: NVD // id: CVE-2017-12731

Trust: 3.6

db: ICS CERT // id: ICSA-17-243-04

Trust: 3.4

db: BID // id: 100563

Trust: 2.0

db: CNNVD // id: CNNVD-201709-083

Trust: 0.9

db: CNVD // id: CNVD-2017-24366

Trust: 0.8

db: JVNDB // id: JVNDB-2017-007910

Trust: 0.8

db: IVD // id: 4DC34A58-B228-4E9F-8DE5-51F6BD15288C

Trust: 0.2

db: VULHUB // id: VHN-103283

Trust: 0.1

sources: IVD: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // CNVD: CNVD-2017-24366 // VULHUB: VHN-103283 // BID: 100563 // JVNDB: JVNDB-2017-007910 // CNNVD: CNNVD-201709-083 // NVD: CVE-2017-12731

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-04

Trust: 3.4

url:http://www.securityfocus.com/bid/100563

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12731

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12731

Trust: 0.8

url:http://www.opwglobal.com/

Trust: 0.3

url:http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14

Trust: 0.3

url:http://www.opwglobal.com/docs/libraries/technical-bulletins/electronic-systems/fuel-control-and-tank-gauging/service-bulletins/sb-ofms-462.pdf

Trust: 0.3

sources: CNVD: CNVD-2017-24366 // VULHUB: VHN-103283 // BID: 100563 // JVNDB: JVNDB-2017-007910 // CNNVD: CNNVD-201709-083 // NVD: CVE-2017-12731

CREDITS

OPW

Trust: 0.9

sources: BID: 100563 // CNNVD: CNNVD-201709-083

SOURCES

db: IVD // id: 4dc34a58-b228-4e9f-8de5-51f6bd15288c
db: CNVD // id: CNVD-2017-24366
db: VULHUB // id: VHN-103283
db: BID // id: 100563
db: JVNDB // id: JVNDB-2017-007910
db: CNNVD // id: CNNVD-201709-083
db: NVD // id: CVE-2017-12731

LAST UPDATE DATE

2025-04-20T23:27:16.386000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-24366 // date: 2017-09-02T00:00:00
db: VULHUB // id: VHN-103283 // date: 2019-10-09T00:00:00
db: BID // id: 100563 // date: 2017-08-30T00:00:00
db: JVNDB // id: JVNDB-2017-007910 // date: 2017-10-04T00:00:00
db: CNNVD // id: CNNVD-201709-083 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12731 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: 4dc34a58-b228-4e9f-8de5-51f6bd15288c // date: 2017-09-02T00:00:00
db: CNVD // id: CNVD-2017-24366 // date: 2017-09-01T00:00:00
db: VULHUB // id: VHN-103283 // date: 2017-09-09T00:00:00
db: BID // id: 100563 // date: 2017-08-30T00:00:00
db: JVNDB // id: JVNDB-2017-007910 // date: 2017-10-04T00:00:00
db: CNNVD // id: CNNVD-201709-083 // date: 2017-08-30T00:00:00
db: NVD // id: CVE-2017-12731 // date: 2017-09-09T01:29:02.393