ID

VAR-201801-0962


CVE

CVE-2017-12729


TITLE

Moxa SoftCMS Live Viewer SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-32444 // CNNVD: CNNVD-201709-179

DESCRIPTION

A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password. Moxa SoftCMS Live Viewer is remote data monitoring and debugging software developed by Moxa for industrial automation systems.

Trust: 2.43

sources: NVD: CVE-2017-12729 // JVNDB: JVNDB-2017-012106 // CNVD: CNVD-2017-32444 // IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // VULHUB: VHN-103280

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // CNVD: CNVD-2017-32444

AFFECTED PRODUCTS

vendor: moxa // model: softcms lab view // scope: lte // version: 1.6

Trust: 1.0

vendor: moxa // model: softcms // scope: lte // version: 1.6

Trust: 0.8

vendor: moxa // model: softcms live viewer // scope: eq // version: 0

Trust: 0.6

vendor: moxa // model: softcms lab view // scope: eq // version: 1.6

Trust: 0.6

vendor: softcms lab view // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // CNVD: CNVD-2017-32444 // JVNDB: JVNDB-2017-012106 // CNNVD: CNNVD-201709-179 // NVD: CVE-2017-12729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12729
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12729
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-32444
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-179
value: CRITICAL

Trust: 0.6

IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352
value: CRITICAL

Trust: 0.2

VULHUB: VHN-103280
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12729
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32444
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-103280
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12729
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // CNVD: CNVD-2017-32444 // VULHUB: VHN-103280 // JVNDB: JVNDB-2017-012106 // CNNVD: CNNVD-201709-179 // NVD: CVE-2017-12729

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-103280 // JVNDB: JVNDB-2017-012106 // NVD: CVE-2017-12729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-179

TYPE

SQL injection

Trust: 0.8

sources: IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // CNNVD: CNNVD-201709-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012106

PATCH

title: SoftCMS // url: https://www.moxa.com/product/SoftCMS.htm

Trust: 0.8

title: Moxa SoftCMS Live Viewer SQL Injection Vulnerability Patch // url: https://www.cnvd.org.cn/patchInfo/show/105233

Trust: 0.6

title: Moxa SoftCMS Live Viewer SQL injection vulnerability repair measures // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74556

Trust: 0.6

sources: CNVD: CNVD-2017-32444 // JVNDB: JVNDB-2017-012106 // CNNVD: CNNVD-201709-179

EXTERNAL IDS

db: NVD // id: CVE-2017-12729

Trust: 3.3

db: ICS CERT // id: ICSA-17-243-05

Trust: 3.1

db: CNNVD // id: CNNVD-201709-179

Trust: 0.9

db: CNVD // id: CNVD-2017-32444

Trust: 0.8

db: JVNDB // id: JVNDB-2017-012106

Trust: 0.8

db: IVD // id: 19328F7F-6B4F-4C90-AFB2-2A70E0CB7352

Trust: 0.2

db: VULHUB // id: VHN-103280

Trust: 0.1

sources: IVD: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // CNVD: CNVD-2017-32444 // VULHUB: VHN-103280 // JVNDB: JVNDB-2017-012106 // CNNVD: CNNVD-201709-179 // NVD: CVE-2017-12729

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-05

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12729

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12729

Trust: 0.8

sources: CNVD: CNVD-2017-32444 // VULHUB: VHN-103280 // JVNDB: JVNDB-2017-012106 // CNNVD: CNNVD-201709-179 // NVD: CVE-2017-12729

SOURCES

db: IVD // id: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352
db: CNVD // id: CNVD-2017-32444
db: VULHUB // id: VHN-103280
db: JVNDB // id: JVNDB-2017-012106
db: CNNVD // id: CNNVD-201709-179
db: NVD // id: CVE-2017-12729

LAST UPDATE DATE

2024-11-23T21:53:41.870000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-32444 // date: 2017-11-02T00:00:00
db: VULHUB // id: VHN-103280 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2017-012106 // date: 2018-02-21T00:00:00
db: CNNVD // id: CNNVD-201709-179 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12729 // date: 2024-11-21T03:10:06.533

SOURCES RELEASE DATE

db: IVD // id: 19328f7f-6b4f-4c90-afb2-2a70e0cb7352 // date: 2017-11-02T00:00:00
db: CNVD // id: CNVD-2017-32444 // date: 2017-11-02T00:00:00
db: VULHUB // id: VHN-103280 // date: 2018-01-18T00:00:00
db: JVNDB // id: JVNDB-2017-012106 // date: 2018-02-21T00:00:00
db: CNNVD // id: CNNVD-201709-179 // date: 2017-09-07T00:00:00
db: NVD // id: CVE-2017-12729 // date: 2018-01-18T19:29:00.237