ID

VAR-201710-0790


CVE

CVE-2017-13993


TITLE

i-SENS SmartLog Diabetes Management Software Code execution vulnerability

Trust: 0.8

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNVD: CNVD-2017-25724

DESCRIPTION

An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. The vulnerability could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. SmartLog Diabetes Management Software is software for tracking and monitoring individual blood glucose levels by connecting a blood glucose meter to a computer via USB. i-SENS SmartLog Diabetes Management Software has a code execution vulnerability.

Trust: 2.61

sources: NVD: CVE-2017-13993 // JVNDB: JVNDB-2017-009405 // CNVD: CNVD-2017-25724 // BID: 100659 // IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNVD: CNVD-2017-25724

AFFECTED PRODUCTS

vendor: i sens, model: smartlog diabetes management software, scope: lte, version: 2.4.0

Trust: 1.8

vendor: i sens, model: smartlog diabetes management software, scope: eq, version: 2.4.0

Trust: 0.9

vendor: i sens, model: smartlog diabetes management software, scope: lte, version: <=2.4.0

Trust: 0.6

vendor: i sens, model: smartlog diabetes management software, scope: ne, version: 2.4.1

Trust: 0.3

vendor: smartlog diabetes management, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNVD: CNVD-2017-25724 // BID: 100659 // JVNDB: JVNDB-2017-009405 // CNNVD: CNNVD-201709-527 // NVD: CVE-2017-13993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13993
value: HIGH

Trust: 1.0

NVD: CVE-2017-13993
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-25724
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-527
value: HIGH

Trust: 0.6

IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-13993
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-25724
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-13993
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNVD: CNVD-2017-25724 // JVNDB: JVNDB-2017-009405 // CNNVD: CNNVD-201709-527 // NVD: CVE-2017-13993

PROBLEMTYPE DATA

problemtype: CWE-427

Trust: 1.8

problemtype: CWE-428

Trust: 1.0

sources: JVNDB: JVNDB-2017-009405 // NVD: CVE-2017-13993

THREAT TYPE

local

Trust: 0.9

sources: BID: 100659 // CNNVD: CNNVD-201709-527

TYPE

Code problem

Trust: 0.8

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNNVD: CNNVD-201709-527

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009405

PATCH

title: SmartLog, url: http://www.caresens.com.au/products/software/smartlog

Trust: 0.8

title: Patch for i-SENS SmartLog Diabetes Management Software Code Execution Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/101788

Trust: 0.6

title: i-SENS SmartLog Diabetes Management Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74734

Trust: 0.6

sources: CNVD: CNVD-2017-25724 // JVNDB: JVNDB-2017-009405 // CNNVD: CNNVD-201709-527

EXTERNAL IDS

db: NVD, id: CVE-2017-13993

Trust: 3.5

db: ICS CERT, id: ICSMA-17-250-01

Trust: 3.3

db: BID, id: 100659

Trust: 1.9

db: CNVD, id: CNVD-2017-25724

Trust: 0.8

db: CNNVD, id: CNNVD-201709-527

Trust: 0.8

db: JVNDB, id: JVNDB-2017-009405

Trust: 0.8

db: IVD, id: 78F2231C-FB79-43F8-9428-2A4DAAEB1954

Trust: 0.2

sources: IVD: 78f2231c-fb79-43f8-9428-2a4daaeb1954 // CNVD: CNVD-2017-25724 // BID: 100659 // JVNDB: JVNDB-2017-009405 // CNNVD: CNNVD-201709-527 // NVD: CVE-2017-13993

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsma-17-250-01

Trust: 3.3

url: http://www.securityfocus.com/bid/100659

Trust: 1.6

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13993

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-13993

Trust: 0.8

url: http://www.caresens.com.au/products/software/smartlog

Trust: 0.3

sources: CNVD: CNVD-2017-25724 // BID: 100659 // JVNDB: JVNDB-2017-009405 // CNNVD: CNNVD-201709-527 // NVD: CVE-2017-13993

CREDITS

Mark Cross

Trust: 0.9

sources: BID: 100659 // CNNVD: CNNVD-201709-527

SOURCES

db: IVD, id: 78f2231c-fb79-43f8-9428-2a4daaeb1954
db: CNVD, id: CNVD-2017-25724
db: BID, id: 100659
db: JVNDB, id: JVNDB-2017-009405
db: CNNVD, id: CNNVD-201709-527
db: NVD, id: CVE-2017-13993

LAST UPDATE DATE

2025-04-20T23:12:51.948000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-25724, date: 2017-09-08T00:00:00
db: BID, id: 100659, date: 2017-09-07T00:00:00
db: JVNDB, id: JVNDB-2017-009405, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201709-527, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-13993, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 78f2231c-fb79-43f8-9428-2a4daaeb1954, date: 2017-09-08T00:00:00
db: CNVD, id: CNVD-2017-25724, date: 2017-09-08T00:00:00
db: BID, id: 100659, date: 2017-09-07T00:00:00
db: JVNDB, id: JVNDB-2017-009405, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201709-527, date: 2017-09-13T00:00:00
db: NVD, id: CVE-2017-13993, date: 2017-10-05T01:29:05.197