Sign-up

ID

VAR-201809-0032


CVE

CVE-2017-16714


TITLE

Ice Qube Thermal Management Center Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2f92381-39ab-11e9-89b7-000c29342cb1 // CNVD: CNVD-2018-18113

DESCRIPTION

In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. Ice Qube Thermal Management Center Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Ice Qube Thermal Management Center is a thermal management application from Ice Qube, USA. The program includes email notifications, remote management, LCD display and temperature alarms. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.61

sources: NVD: CVE-2017-16714 // JVNDB: JVNDB-2017-014266 // CNVD: CNVD-2018-18113 // BID: 105303 // IVD: e2f92381-39ab-11e9-89b7-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f92381-39ab-11e9-89b7-000c29342cb1 // CNVD: CNVD-2018-18113

AFFECTED PRODUCTS

vendor:icequbemodel:thermal management centerscope:ltversion:4.13

Trust: 1.0

vendor:ice qubemodel:thermal management centerscope:ltversion:4.13

Trust: 0.8

vendor:icemodel:qube thermal management centerscope:ltversion:4.13

Trust: 0.6

vendor:icemodel:qube thermal management centerscope:eqversion:0

Trust: 0.3

vendor:icemodel:qube thermal management centerscope:neversion:4.13

Trust: 0.3

vendor:thermal management centermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f92381-39ab-11e9-89b7-000c29342cb1 // CNVD: CNVD-2018-18113 // BID: 105303 // JVNDB: JVNDB-2017-014266 // NVD: CVE-2017-16714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16714
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-16714
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-18113
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-308
value: CRITICAL

Trust: 0.6

IVD: e2f92381-39ab-11e9-89b7-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2017-16714
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18113
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f92381-39ab-11e9-89b7-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-16714
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f92381-39ab-11e9-89b7-000c29342cb1 // CNVD: CNVD-2018-18113 // JVNDB: JVNDB-2017-014266 // CNNVD: CNNVD-201809-308 // NVD: CVE-2017-16714

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:CWE-256

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2017-014266 // NVD: CVE-2017-16714

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-308

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201809-308

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014266

PATCH
title:Thermal Managementurl:https://www.iceqube.com/options-accessories/thermal-management/
Trust: 0.8
title:Ice Qube Thermal Management Center Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/139771
Trust: 0.6
title:Ice Qube Thermal Management Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84629
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-18113 // 
            
            
            
            JVNDB: JVNDB-2017-014266 // 
            
            
            
            CNNVD: CNNVD-201809-308

EXTERNAL IDS
db:NVDid:CVE-2017-16714
Trust: 3.5
db:ICS CERTid:ICSA-18-249-01
Trust: 3.3
db:BIDid:105303
Trust: 1.9
db:CNVDid:CNVD-2018-18113
Trust: 0.8
db:CNNVDid:CNNVD-201809-308
Trust: 0.8
db:JVNDBid:JVNDB-2017-014266
Trust: 0.8
db:IVDid:E2F92381-39AB-11E9-89B7-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f92381-39ab-11e9-89b7-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-18113 // 
            
            
            
            BID: 105303 // 
            
            
            
            JVNDB: JVNDB-2017-014266 // 
            
            
            
            CNNVD: CNNVD-201809-308 // 
            
            
            
            NVD: CVE-2017-16714

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-249-01
Trust: 3.3
url:http://www.securityfocus.com/bid/105303
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16714
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-16714
Trust: 0.8
url:https://www.iceqube.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-18113 // 
            
            
            
            BID: 105303 // 
            
            
            
            JVNDB: JVNDB-2017-014266 // 
            
            
            
            CNNVD: CNNVD-201809-308 // 
            
            
            
            NVD: CVE-2017-16714

CREDITS
Maxim Rupp
Trust: 0.3
sources:
            
            
            BID: 105303

SOURCES
db:IVDid:e2f92381-39ab-11e9-89b7-000c29342cb1
db:CNVDid:CNVD-2018-18113
db:BIDid:105303
db:JVNDBid:JVNDB-2017-014266
db:CNNVDid:CNNVD-201809-308
db:NVDid:CVE-2017-16714

LAST UPDATE DATE
2024-11-23T22:21:56.559000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18113date:2018-09-10T00:00:00
db:BIDid:105303date:2018-09-06T00:00:00
db:JVNDBid:JVNDB-2017-014266date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201809-308date:2019-10-17T00:00:00
db:NVDid:CVE-2017-16714date:2024-11-21T03:16:50.333

SOURCES RELEASE DATE
db:IVDid:e2f92381-39ab-11e9-89b7-000c29342cb1date:2018-09-10T00:00:00
db:CNVDid:CNVD-2018-18113date:2018-09-10T00:00:00
db:BIDid:105303date:2018-09-06T00:00:00
db:JVNDBid:JVNDB-2017-014266date:2018-12-10T00:00:00
db:CNNVDid:CNNVD-201809-308date:2018-09-07T00:00:00
db:NVDid:CVE-2017-16714date:2018-09-06T19:29:00.377