ID

VAR-201709-1008


CVE

CVE-2017-12733


TITLE

Missing authentication for critical function vulnerability in multiple OPW Fuel Management Systems SiteSentinel products

Trust: 0.8

sources: JVNDB: JVNDB-2017-007911

DESCRIPTION

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.

Multiple OPW Products are prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well.

The following products and versions are vulnerable: SiteSentinel Integra 100 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1; SiteSentinel Integra 500 Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1; SiteSentinel iSite ATG Console prior to 175, 175 through 189, 191 through 195 and 16Q3.1.

Several OPW products have authentication bypass vulnerabilities.

Trust: 2.79

sources: NVD: CVE-2017-12733 // JVNDB: JVNDB-2017-007911 // CNVD: CNVD-2017-24367 // BID: 100563 // IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // VULHUB: VHN-103285 // VULMON: CVE-2017-12733

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // CNVD: CNVD-2017-24367

AFFECTED PRODUCTS

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 191

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 191

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 195

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 189

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 16q3.1

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 189

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 16q3.1

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 195

Trust: 1.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: lte // version: 175

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 189

Trust: 1.0

vendor: opwglobal // model: sitesentinel integra 100 // scope: lte // version: 175

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 16q3.1

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 191

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: eq // version: 195

Trust: 1.0

vendor: opwglobal // model: sitesentinel isite atg // scope: lte // version: 175

Trust: 1.0

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 100 // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel integra 500 // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v16q3.1

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: lt // version: v175

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v175-v189

Trust: 0.8

vendor: opw fuel management // model: sitesentinel isite atg // scope: eq // version: v191-v195

Trust: 0.8

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: lt // version: v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: eq // version: v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg // scope: eq // version: v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel isite atg v16q3.1 // scope: - // version: -

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100<v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 100v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra v16q3.1 // scope: eq // version: 100

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500<v175

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500v175-v189

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra // scope: eq // version: 500v191-v195

Trust: 0.6

vendor: opw // model: fuel management systems sitesentinel integra v16q3.1 // scope: eq // version: 500

Trust: 0.6

vendor: opwglobal // model: sitesentinel integra 500 // scope: eq // version: 175

Trust: 0.6

vendor: opwglobal // model: sitesentinel integra 100 // scope: eq // version: 175

Trust: 0.6

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 195

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 191

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 189

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 175

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console // scope: eq // version: 170

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console 16q3.1 // scope: - // version: -

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500195

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500191

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500189

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500175

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 500170

Trust: 0.3

vendor: opw // model: sitesentinel integra console 16q3.1 // scope: eq // version: 500

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100195

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100191

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100189

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100175

Trust: 0.3

vendor: opw // model: sitesentinel integra console // scope: eq // version: 100170

Trust: 0.3

vendor: opw // model: sitesentinel integra console 16q3.1 // scope: eq // version: 100

Trust: 0.3

vendor: opw // model: sitesentinel isite atg console 17q2.1 // scope: ne // version: -

Trust: 0.3

vendor: opw // model: sitesentinel integra console 17q2.1 // scope: ne // version: 500

Trust: 0.3

vendor: opw // model: sitesentinel integra console 17q2.1 // scope: ne // version: 100

Trust: 0.3

vendor: sitesentinel isite atg // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel isite atg // model: - // scope: eq // version: 195

Trust: 0.2

vendor: sitesentinel integra 500 // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel integra 500 // model: - // scope: eq // version: 195

Trust: 0.2

vendor: sitesentinel integra 100 // model: 16q3.1 // scope: - // version: -

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: *

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 189

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 191

Trust: 0.2

vendor: sitesentinel integra 100 // model: - // scope: eq // version: 195

Trust: 0.2

sources: IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // CNVD: CNVD-2017-24367 // BID: 100563 // JVNDB: JVNDB-2017-007911 // CNNVD: CNNVD-201709-082 // NVD: CVE-2017-12733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12733
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12733
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-24367
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-082
value: CRITICAL

Trust: 0.6

IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f
value: CRITICAL

Trust: 0.2

VULHUB: VHN-103285
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12733
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12733
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-24367
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-103285
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12733
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // CNVD: CNVD-2017-24367 // VULHUB: VHN-103285 // VULMON: CVE-2017-12733 // JVNDB: JVNDB-2017-007911 // CNNVD: CNNVD-201709-082 // NVD: CVE-2017-12733

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-103285 // JVNDB: JVNDB-2017-007911 // NVD: CVE-2017-12733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-082

TYPE

Access control error

Trust: 0.8

sources: IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // CNNVD: CNNVD-201709-082

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007911

PATCH

title: M00-20-4438 - SiteSentinel Integra and iSite Software Upgrade Procedure // url: http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14

Trust: 0.8

title: Patch for OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite Privilege Escalation Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/101385

Trust: 0.6

title: Multiple OPW Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74537

Trust: 0.6

sources: CNVD: CNVD-2017-24367 // JVNDB: JVNDB-2017-007911 // CNNVD: CNNVD-201709-082

EXTERNAL IDS

db: NVD // id: CVE-2017-12733

Trust: 3.7

db: ICS CERT // id: ICSA-17-243-04

Trust: 3.5

db: BID // id: 100563

Trust: 2.1

db: CNNVD // id: CNNVD-201709-082

Trust: 0.9

db: CNVD // id: CNVD-2017-24367

Trust: 0.8

db: JVNDB // id: JVNDB-2017-007911

Trust: 0.8

db: IVD // id: ED1D7081-51F5-4C7D-9067-973DBF8E3B1F

Trust: 0.2

db: VULHUB // id: VHN-103285

Trust: 0.1

db: VULMON // id: CVE-2017-12733

Trust: 0.1

sources: IVD: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // CNVD: CNVD-2017-24367 // VULHUB: VHN-103285 // VULMON: CVE-2017-12733 // BID: 100563 // JVNDB: JVNDB-2017-007911 // CNNVD: CNNVD-201709-082 // NVD: CVE-2017-12733

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-04

Trust: 3.5

url:http://www.securityfocus.com/bid/100563

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12733

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12733

Trust: 0.8

url:http://www.opwglobal.com/

Trust: 0.3

url:http://www.opwglobal.com/docs/libraries/manuals/electronic-systems/opw-fms-manuals/m00-20-4438-integra-software-upgrade.pdf?sfvrsn=14

Trust: 0.3

url:http://www.opwglobal.com/docs/libraries/technical-bulletins/electronic-systems/fuel-control-and-tank-gauging/service-bulletins/sb-ofms-462.pdf

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-24367 // VULHUB: VHN-103285 // VULMON: CVE-2017-12733 // BID: 100563 // JVNDB: JVNDB-2017-007911 // CNNVD: CNNVD-201709-082 // NVD: CVE-2017-12733

CREDITS

OPW

Trust: 0.9

sources: BID: 100563 // CNNVD: CNNVD-201709-082

SOURCES

db: IVD // id: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f
db: CNVD // id: CNVD-2017-24367
db: VULHUB // id: VHN-103285
db: VULMON // id: CVE-2017-12733
db: BID // id: 100563
db: JVNDB // id: JVNDB-2017-007911
db: CNNVD // id: CNNVD-201709-082
db: NVD // id: CVE-2017-12733

LAST UPDATE DATE

2025-04-20T23:27:16.427000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-24367 // date: 2017-09-02T00:00:00
db: VULHUB // id: VHN-103285 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2017-12733 // date: 2019-10-09T00:00:00
db: BID // id: 100563 // date: 2017-08-30T00:00:00
db: JVNDB // id: JVNDB-2017-007911 // date: 2017-10-04T00:00:00
db: CNNVD // id: CNNVD-201709-082 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12733 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: ed1d7081-51f5-4c7d-9067-973dbf8e3b1f // date: 2017-09-02T00:00:00
db: CNVD // id: CNVD-2017-24367 // date: 2017-09-01T00:00:00
db: VULHUB // id: VHN-103285 // date: 2017-09-09T00:00:00
db: VULMON // id: CVE-2017-12733 // date: 2017-09-09T00:00:00
db: BID // id: 100563 // date: 2017-08-30T00:00:00
db: JVNDB // id: JVNDB-2017-007911 // date: 2017-10-04T00:00:00
db: CNNVD // id: CNNVD-201709-082 // date: 2017-08-30T00:00:00
db: NVD // id: CVE-2017-12733 // date: 2017-09-09T01:29:02.423