Details of VAR-201710-1320

ID

VAR-201710-1320

CVE

CVE-2017-9628

TITLE

Saia Burgess Controls PCD Controllers Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // CNVD: CNVD-2017-27960

DESCRIPTION

An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents. PCD is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to PCD 1.28.16 or 1.24.69 are vulnerable

Trust: 2.7

sources: NVD: CVE-2017-9628 // JVNDB: JVNDB-2017-009260 // CNVD: CNVD-2017-27960 // BID: 100949 // IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // VULHUB: VHN-117831

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // CNVD: CNVD-2017-27960

AFFECTED PRODUCTS

vendor:	saia burgess controls	model:	pcd controllers	scope:	lte	version:	1.28.11	Trust: 1.0
vendor:	saia burgess controls	model:	pcd controllers	scope:	lte	version:	1.24.67	Trust: 1.0
vendor:	saia burgess controls	model:	pcd controllers	scope:	lt	version:	1.24.69	Trust: 0.8
vendor:	saia burgess controls	model:	pcd controllers	scope:	lt	version:	1.28.16	Trust: 0.8
vendor:	saia	model:	burgess controls pcd controllers	scope:	lt	version:	1.28.16	Trust: 0.6
vendor:	saia	model:	burgess controls pcd controllers	scope:	lt	version:	1.24.69	Trust: 0.6
vendor:	saia burgess controls	model:	pcd controllers	scope:	eq	version:	1.28.11	Trust: 0.6
vendor:	saia burgess controls	model:	pcd controllers	scope:	eq	version:	1.24.67	Trust: 0.6
vendor:	pcd controllers	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	saia	model:	burgess controls pcd	scope:	eq	version:	1.28	Trust: 0.3
vendor:	saia	model:	burgess controls pcd	scope:	eq	version:	1.24	Trust: 0.3
vendor:	saia	model:	burgess controls pcd	scope:	ne	version:	1.28.16	Trust: 0.3
vendor:	saia	model:	burgess controls pcd	scope:	ne	version:	1.24.69	Trust: 0.3

sources: IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // CNVD: CNVD-2017-27960 // BID: 100949 // JVNDB: JVNDB-2017-009260 // CNNVD: CNNVD-201709-1087 // NVD: CVE-2017-9628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9628
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-9628
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-27960
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-1087
value:	MEDIUM
Trust: 0.6
IVD:	e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-117831
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9628
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-27960
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-117831
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9628
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // CNVD: CNVD-2017-27960 // VULHUB: VHN-117831 // JVNDB: JVNDB-2017-009260 // CNNVD: CNNVD-201709-1087 // NVD: CVE-2017-9628

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-117831 // JVNDB: JVNDB-2017-009260 // NVD: CVE-2017-9628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1087

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-1087

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009260

PATCH

title:	Top Page	url:	https://www.saia-pcd.com/	Trust: 0.8
title:	Saia Burgess Controls PCD Controllers Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/102633	Trust: 0.6
title:	Saia Burgess Controls PCD Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75075	Trust: 0.6

sources: CNVD: CNVD-2017-27960 // JVNDB: JVNDB-2017-009260 // CNNVD: CNNVD-201709-1087

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9628	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-234-05	Trust: 3.4
db:	BID	id:	100949	Trust: 2.0
db:	CNNVD	id:	CNNVD-201709-1087	Trust: 0.9
db:	CNVD	id:	CNVD-2017-27960	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009260	Trust: 0.8
db:	IVD	id:	E2AD4F5B-4934-4CFE-8E55-4B4F42CA85D6	Trust: 0.2
db:	VULHUB	id:	VHN-117831	Trust: 0.1

sources: IVD: e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6 // CNVD: CNVD-2017-27960 // VULHUB: VHN-117831 // BID: 100949 // JVNDB: JVNDB-2017-009260 // CNNVD: CNNVD-201709-1087 // NVD: CVE-2017-9628

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-234-05	Trust: 3.4
url:	http://www.securityfocus.com/bid/100949	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9628	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9628	Trust: 0.8
url:	https://www.sbc-support.com/en/product-index/	Trust: 0.3

sources: CNVD: CNVD-2017-27960 // VULHUB: VHN-117831 // BID: 100949 // JVNDB: JVNDB-2017-009260 // CNNVD: CNNVD-201709-1087 // NVD: CVE-2017-9628

CREDITS

Davide Fauri of Eindhoven University of Technology

Trust: 0.9

sources: BID: 100949 // CNNVD: CNNVD-201709-1087

SOURCES

db:	IVD	id:	e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6
db:	CNVD	id:	CNVD-2017-27960
db:	VULHUB	id:	VHN-117831
db:	BID	id:	100949
db:	JVNDB	id:	JVNDB-2017-009260
db:	CNNVD	id:	CNNVD-201709-1087
db:	NVD	id:	CVE-2017-9628

LAST UPDATE DATE

2025-04-20T23:04:03.347000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-27960	date:	2017-09-22T00:00:00
db:	VULHUB	id:	VHN-117831	date:	2019-10-09T00:00:00
db:	BID	id:	100949	date:	2017-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-009260	date:	2017-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201709-1087	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9628	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2ad4f5b-4934-4cfe-8e55-4b4f42ca85d6	date:	2017-09-22T00:00:00
db:	CNVD	id:	CNVD-2017-27960	date:	2017-09-22T00:00:00
db:	VULHUB	id:	VHN-117831	date:	2017-10-05T00:00:00
db:	BID	id:	100949	date:	2017-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2017-009260	date:	2017-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201709-1087	date:	2017-09-26T00:00:00
db:	NVD	id:	CVE-2017-9628	date:	2017-10-05T01:29:06.570