Details of VAR-201712-0121

ID

VAR-201712-0121

CVE

CVE-2017-16731

TITLE

ABB Ellipse Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-011780

DESCRIPTION

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. ABB Ellipse Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ellipse is an EAM software application for asset-intensive industries. ABB Ellipse has an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks

Trust: 2.7

sources: NVD: CVE-2017-16731 // JVNDB: JVNDB-2017-011780 // CNVD: CNVD-2017-37702 // BID: 102224 // IVD: e2e01d40-39ab-11e9-934f-000c29342cb1 // VULHUB: VHN-107683

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e01d40-39ab-11e9-934f-000c29342cb1 // CNVD: CNVD-2017-37702

AFFECTED PRODUCTS

vendor:	hitachienergy	model:	ellipse	scope:	lte	version:	8.9.0	Trust: 1.0
vendor:	hitachienergy	model:	ellipse	scope:	gte	version:	8.3.0	Trust: 1.0
vendor:	abb	model:	ellipse	scope:	gte	version:	8.3<=8.9	Trust: 0.8
vendor:	abb	model:	ellipse	scope:	-	version:	-	Trust: 0.8
vendor:	abb	model:	ellipse select	scope:	eq	version:	0	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.9	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.8	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.7	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.6	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.5	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.4	Trust: 0.3
vendor:	abb	model:	ellipse	scope:	eq	version:	8.3	Trust: 0.3
vendor:	abb	model:	ellipse release	scope:	ne	version:	8.9.67	Trust: 0.3
vendor:	abb	model:	ellipse release	scope:	ne	version:	8.8.127	Trust: 0.3
vendor:	abb	model:	ellipse release	scope:	ne	version:	8.7.187	Trust: 0.3
vendor:	abb	model:	ellipse release	scope:	ne	version:	8.6.215	Trust: 0.3
vendor:	abb	model:	ellipse release	scope:	ne	version:	8.5.267	Trust: 0.3

sources: IVD: e2e01d40-39ab-11e9-934f-000c29342cb1 // CNVD: CNVD-2017-37702 // BID: 102224 // JVNDB: JVNDB-2017-011780 // NVD: CVE-2017-16731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16731
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16731
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-37702
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201712-746
value:	HIGH
Trust: 0.6
IVD:	e2e01d40-39ab-11e9-934f-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-107683
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-16731
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-37702
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e01d40-39ab-11e9-934f-000c29342cb1
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-107683
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16731
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e01d40-39ab-11e9-934f-000c29342cb1 // CNVD: CNVD-2017-37702 // VULHUB: VHN-107683 // JVNDB: JVNDB-2017-011780 // CNNVD: CNNVD-201712-746 // NVD: CVE-2017-16731

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-523	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-107683 // JVNDB: JVNDB-2017-011780 // NVD: CVE-2017-16731

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201712-746

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201712-746

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011780

PATCH

title:	Top Page	url:	http://new.abb.com/	Trust: 0.8
title:	ABB Ellipse information leaking hole patch patch	url:	https://www.cnvd.org.cn/patchInfo/show/111305	Trust: 0.6
title:	ABB Ellipse Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77238	Trust: 0.6

sources: CNVD: CNVD-2017-37702 // JVNDB: JVNDB-2017-011780 // CNNVD: CNNVD-201712-746

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16731	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-353-01	Trust: 3.4
db:	BID	id:	102224	Trust: 1.0
db:	CNNVD	id:	CNNVD-201712-746	Trust: 0.9
db:	CNVD	id:	CNVD-2017-37702	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011780	Trust: 0.8
db:	IVD	id:	E2E01D40-39AB-11E9-934F-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-107683	Trust: 0.1

sources: IVD: e2e01d40-39ab-11e9-934f-000c29342cb1 // CNVD: CNVD-2017-37702 // VULHUB: VHN-107683 // BID: 102224 // JVNDB: JVNDB-2017-011780 // CNNVD: CNNVD-201712-746 // NVD: CVE-2017-16731

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-353-01	Trust: 3.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16731	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16731	Trust: 0.8
url:	https://www.securityfocus.com/bid/102224	Trust: 0.6
url:	http://www.abb.com/	Trust: 0.3

sources: CNVD: CNVD-2017-37702 // VULHUB: VHN-107683 // BID: 102224 // JVNDB: JVNDB-2017-011780 // CNNVD: CNNVD-201712-746 // NVD: CVE-2017-16731

CREDITS

ABB

Trust: 0.6

sources: CNNVD: CNNVD-201712-746

SOURCES

db:	IVD	id:	e2e01d40-39ab-11e9-934f-000c29342cb1
db:	CNVD	id:	CNVD-2017-37702
db:	VULHUB	id:	VHN-107683
db:	BID	id:	102224
db:	JVNDB	id:	JVNDB-2017-011780
db:	CNNVD	id:	CNNVD-201712-746
db:	NVD	id:	CVE-2017-16731

LAST UPDATE DATE

2025-04-20T23:34:15.656000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-37702	date:	2017-12-21T00:00:00
db:	VULHUB	id:	VHN-107683	date:	2019-10-09T00:00:00
db:	BID	id:	102224	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-011780	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201712-746	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16731	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	IVD	id:	e2e01d40-39ab-11e9-934f-000c29342cb1	date:	2017-12-21T00:00:00
db:	CNVD	id:	CNVD-2017-37702	date:	2017-12-21T00:00:00
db:	VULHUB	id:	VHN-107683	date:	2017-12-20T00:00:00
db:	BID	id:	102224	date:	2017-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-011780	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201712-746	date:	2017-12-21T00:00:00
db:	NVD	id:	CVE-2017-16731	date:	2017-12-20T19:29:00.287