Sign-up

ID

VAR-201806-0155


CVE

CVE-2017-12070


TITLE

OPC Foundation Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013895

DESCRIPTION

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. OPC Foundation Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2017-12070 // JVNDB: JVNDB-2017-013895

AFFECTED PRODUCTS

vendor:opcfoundationmodel:ua-.net-legacyscope:eqversion:1.02.336.0

Trust: 1.6

vendor:opcmodel:ua .netscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-013895 // CNNVD: CNNVD-201806-888 // NVD: CVE-2017-12070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12070
value: HIGH

Trust: 1.0

NVD: CVE-2017-12070
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-888
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-12070
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-12070
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-013895 // CNNVD: CNNVD-201806-888 // NVD: CVE-2017-12070

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-013895 // NVD: CVE-2017-12070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-888

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201806-888

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013895

PATCH
title:Security Update for OPC UA .NET Sample Applicationsurl:https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-013895

EXTERNAL IDS
db:NVDid:CVE-2017-12070
Trust: 2.4
db:JVNDBid:JVNDB-2017-013895
Trust: 0.8
db:CNNVDid:CNNVD-201806-888
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-013895 // 
            
            
            
            CNNVD: CNNVD-201806-888 // 
            
            
            
            NVD: CVE-2017-12070

REFERENCES
url:https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12070.pdf
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12070
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12070
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-013895 // 
            
            
            
            CNNVD: CNNVD-201806-888 // 
            
            
            
            NVD: CVE-2017-12070

SOURCES
db:JVNDBid:JVNDB-2017-013895
db:CNNVDid:CNNVD-201806-888
db:NVDid:CVE-2017-12070

LAST UPDATE DATE
2024-11-23T22:52:04.742000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2017-013895date:2018-08-21T00:00:00
db:CNNVDid:CNNVD-201806-888date:2018-06-15T00:00:00
db:NVDid:CVE-2017-12070date:2024-11-21T03:08:46.373

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2017-013895date:2018-08-21T00:00:00
db:CNNVDid:CNNVD-201806-888date:2018-06-15T00:00:00
db:NVDid:CVE-2017-12070date:2018-06-14T20:29:00.207