ID

VAR-201802-0616


CVE

CVE-2017-9969


TITLE

Schneider Electric IGSS Mobile Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-05675 // CNNVD: CNNVD-201706-1079

DESCRIPTION

An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration, which can result in exposure of sensitive information. Schneider Electric IGSS Mobile is a set of mobile applications for managing IGSS (Shared Services Platform) by Schneider Electric of France. An attacker could use this vulnerability to obtain sensitive information.

Trust: 2.52

sources: NVD: CVE-2017-9969 // JVNDB: JVNDB-2017-012625 // CNVD: CNVD-2018-05675 // BID: 103046 // VULMON: CVE-2017-9969

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05675

AFFECTED PRODUCTS

vendor: schneider electric, model: igss mobile, scope: lte, version: 3.01

Trust: 1.8

vendor: schneider, model: electric igss mobile app, scope: lte, version: <=3.01

Trust: 0.6

vendor: schneider electric, model: igss mobile, scope: eq, version: 3.01

Trust: 0.6

vendor: schneider electric, model: igss mobile for ios, scope: eq, version: 3.01

Trust: 0.3

vendor: schneider electric, model: igss mobile for android, scope: eq, version: 3.01

Trust: 0.3

sources: CNVD: CNVD-2018-05675 // BID: 103046 // JVNDB: JVNDB-2017-012625 // CNNVD: CNNVD-201706-1079 // NVD: CVE-2017-9969

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9969
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9969
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-05675
value: LOW

Trust: 0.6

CNNVD: CNNVD-201706-1079
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-9969
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-9969
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-05675
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-9969
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05675 // VULMON: CVE-2017-9969 // JVNDB: JVNDB-2017-012625 // CNNVD: CNNVD-201706-1079 // NVD: CVE-2017-9969

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2017-012625 // NVD: CVE-2017-9969

THREAT TYPE

local

Trust: 0.9

sources: BID: 103046 // CNNVD: CNNVD-201706-1079

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201706-1079

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012625

PATCH

title: SEVD-2018-039-02, url: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Id=9561605997&p_File_Name=SEVD-2018-039-02+IGSS+Mobile.pdf&p_Reference=SEVD-2018-039-02

Trust: 0.8

title: Patch for Schneider Electric IGSS Mobile Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/122057

Trust: 0.6

title: Schneider Electric IGSS Mobile Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99877

Trust: 0.6

title: -, url: https://github.com/zzzteph/zzzteph

Trust: 0.1

sources: CNVD: CNVD-2018-05675 // VULMON: CVE-2017-9969 // JVNDB: JVNDB-2017-012625 // CNNVD: CNNVD-201706-1079

EXTERNAL IDS

db: NVD, id: CVE-2017-9969

Trust: 3.4

db: ICS CERT, id: ICSA-18-046-03

Trust: 2.8

db: BID, id: 103046

Trust: 2.6

db: SCHNEIDER, id: SEVD-2018-039-02

Trust: 2.0

db: JVNDB, id: JVNDB-2017-012625

Trust: 0.8

db: CNVD, id: CNVD-2018-05675

Trust: 0.6

db: CNNVD, id: CNNVD-201706-1079

Trust: 0.6

db: VULMON, id: CVE-2017-9969

Trust: 0.1

sources: CNVD: CNVD-2018-05675 // VULMON: CVE-2017-9969 // BID: 103046 // JVNDB: JVNDB-2017-012625 // CNNVD: CNNVD-201706-1079 // NVD: CVE-2017-9969

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-046-03

Trust: 2.9

url:https://www.schneider-electric.com/en/download/document/sevd-2018-039-02/

Trust: 1.7

url:http://www.securityfocus.com/bid/103046

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-9969

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9969

Trust: 0.8

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

url:https://download.schneider-electric.com/files?p_endoctype=technical+leaflet&p_file_id=9111551123&p_file_name=sevd-2018-039-02+igss+mobile.pdf&p_reference=sevd-2018-039-02

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=56857

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-05675 // VULMON: CVE-2017-9969 // BID: 103046 // JVNDB: JVNDB-2017-012625 // CNNVD: CNNVD-201706-1079 // NVD: CVE-2017-9969

CREDITS

Alexander Bolshev (IOActive) and Ivan Yushkevich (Embedi)

Trust: 0.3

sources: BID: 103046

SOURCES

db: CNVD, id: CNVD-2018-05675
db: VULMON, id: CVE-2017-9969
db: BID, id: 103046
db: JVNDB, id: JVNDB-2017-012625
db: CNNVD, id: CNNVD-201706-1079
db: NVD, id: CVE-2017-9969

LAST UPDATE DATE

2024-11-23T22:30:30.250000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-05675, date: 2018-03-20T00:00:00
db: VULMON, id: CVE-2017-9969, date: 2019-10-03T00:00:00
db: BID, id: 103046, date: 2018-02-08T00:00:00
db: JVNDB, id: JVNDB-2017-012625, date: 2018-03-28T00:00:00
db: CNNVD, id: CNNVD-201706-1079, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-9969, date: 2024-11-21T03:37:16.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-05675, date: 2018-03-20T00:00:00
db: VULMON, id: CVE-2017-9969, date: 2018-02-12T00:00:00
db: BID, id: 103046, date: 2018-02-08T00:00:00
db: JVNDB, id: JVNDB-2017-012625, date: 2018-03-28T00:00:00
db: CNNVD, id: CNNVD-201706-1079, date: 2017-06-27T00:00:00
db: NVD, id: CVE-2017-9969, date: 2018-02-12T23:29:00.403