Sign-up

ID

VAR-201809-0055


CVE

CVE-2017-14026


TITLE

Ice Qube Thermal Management Center Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014267

DESCRIPTION

In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information. Ice Qube Thermal Management Center Contains an authentication vulnerability.Information may be obtained. The program includes email notifications, remote management, LCD display and temperature alarms. Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2017-14026 // JVNDB: JVNDB-2017-014267 // CNVD: CNVD-2018-18145 // BID: 105303 // IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1 // CNVD: CNVD-2018-18145

AFFECTED PRODUCTS

vendor:icequbemodel:thermal management centerscope:ltversion:4.13

Trust: 1.0

vendor:ice qubemodel:thermal management centerscope:ltversion:4.13

Trust: 0.8

vendor:icemodel:qube thermal management centerscope:ltversion:4.13

Trust: 0.6

vendor:icemodel:qube thermal management centerscope:eqversion:0

Trust: 0.3

vendor:icemodel:qube thermal management centerscope:neversion:4.13

Trust: 0.3

vendor:thermal management centermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1 // CNVD: CNVD-2018-18145 // BID: 105303 // JVNDB: JVNDB-2017-014267 // NVD: CVE-2017-14026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14026
value: HIGH

Trust: 1.0

NVD: CVE-2017-14026
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-18145
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1249
value: HIGH

Trust: 0.6

IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-14026
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18145
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-14026
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1 // CNVD: CNVD-2018-18145 // JVNDB: JVNDB-2017-014267 // CNNVD: CNNVD-201708-1249 // NVD: CVE-2017-14026

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-014267 // NVD: CVE-2017-14026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1249

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201708-1249

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014267

PATCH
title:Thermal Managementurl:https://www.iceqube.com/options-accessories/thermal-management/
Trust: 0.8
title:Ice Qube Thermal Management Center authentication bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/139787
Trust: 0.6
title:Ice Qube Thermal Management Center Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100012
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-18145 // 
            
            
            
            JVNDB: JVNDB-2017-014267 // 
            
            
            
            CNNVD: CNNVD-201708-1249

EXTERNAL IDS
db:NVDid:CVE-2017-14026
Trust: 3.5
db:ICS CERTid:ICSA-18-249-01
Trust: 2.7
db:BIDid:105303
Trust: 1.9
db:CNVDid:CNVD-2018-18145
Trust: 0.8
db:CNNVDid:CNNVD-201708-1249
Trust: 0.8
db:JVNDBid:JVNDB-2017-014267
Trust: 0.8
db:IVDid:E2F971A2-39AB-11E9-9F8B-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f971a2-39ab-11e9-9f8b-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-18145 // 
            
            
            
            BID: 105303 // 
            
            
            
            JVNDB: JVNDB-2017-014267 // 
            
            
            
            CNNVD: CNNVD-201708-1249 // 
            
            
            
            NVD: CVE-2017-14026

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-249-01
Trust: 2.7
url:http://www.securityfocus.com/bid/105303
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2017-14026
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14026
Trust: 0.8
url:https://www.iceqube.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-18145 // 
            
            
            
            BID: 105303 // 
            
            
            
            JVNDB: JVNDB-2017-014267 // 
            
            
            
            CNNVD: CNNVD-201708-1249 // 
            
            
            
            NVD: CVE-2017-14026

CREDITS
Maxim Rupp
Trust: 0.3
sources:
            
            
            BID: 105303

SOURCES
db:IVDid:e2f971a2-39ab-11e9-9f8b-000c29342cb1
db:CNVDid:CNVD-2018-18145
db:BIDid:105303
db:JVNDBid:JVNDB-2017-014267
db:CNNVDid:CNNVD-201708-1249
db:NVDid:CVE-2017-14026

LAST UPDATE DATE
2024-11-23T22:21:56.594000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18145date:2018-09-10T00:00:00
db:BIDid:105303date:2018-09-06T00:00:00
db:JVNDBid:JVNDB-2017-014267date:2018-12-11T00:00:00
db:CNNVDid:CNNVD-201708-1249date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14026date:2024-11-21T03:11:59.333

SOURCES RELEASE DATE
db:IVDid:e2f971a2-39ab-11e9-9f8b-000c29342cb1date:2018-09-10T00:00:00
db:CNVDid:CNVD-2018-18145date:2018-10-25T00:00:00
db:BIDid:105303date:2018-09-06T00:00:00
db:JVNDBid:JVNDB-2017-014267date:2018-12-11T00:00:00
db:CNNVDid:CNNVD-201708-1249date:2017-08-31T00:00:00
db:NVDid:CVE-2017-14026date:2018-09-06T19:29:00.253