Sign-up

ID

VAR-201904-0536


CVE

CVE-2017-6047


TITLE

Detcon SiteWatch Gateway Authentication vulnerability

Trust: 0.8

sources: IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // CNVD: CNVD-2017-07182

DESCRIPTION

Detcon Sitewatch Gateway, all versions without cellular, Passwords are presented in plaintext in a file that is accessible without authentication. Detcon Sitewatch Gateway Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DetconSiteWatchGateway is a gateway device from Detcon Corporation of the United States. An authentication vulnerability exists in DetconSiteWatchGateway. An attacker could exploit the vulnerability to change settings with a specially crafted URL. Attackers may exploit these issues to execute arbitrary code, gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks

Trust: 2.7

sources: NVD: CVE-2017-6047 // JVNDB: JVNDB-2017-014415 // CNVD: CNVD-2017-07182 // BID: 98487 // IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // VULHUB: VHN-114250

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // CNVD: CNVD-2017-07182

AFFECTED PRODUCTS

vendor:3mmodel:detcon sitewatch gatewayscope:eqversion: -

Trust: 1.0

vendor:3mmodel:detcon sitewatch gatewayscope: - version: -

Trust: 0.8

vendor:detconmodel:sitewatch gatewayscope: - version: -

Trust: 0.6

vendor:detconmodel:sitewatch gatewayscope:eqversion:0

Trust: 0.3

vendor:detcon sitewatch gatewaymodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // CNVD: CNVD-2017-07182 // BID: 98487 // JVNDB: JVNDB-2017-014415 // NVD: CVE-2017-6047

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6047
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6047
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-07182
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-769
value: CRITICAL

Trust: 0.6

IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f
value: CRITICAL

Trust: 0.2

VULHUB: VHN-114250
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6047
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07182
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114250
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6047
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // CNVD: CNVD-2017-07182 // VULHUB: VHN-114250 // JVNDB: JVNDB-2017-014415 // CNNVD: CNNVD-201705-769 // NVD: CVE-2017-6047

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-287

Trust: 1.0

sources: VULHUB: VHN-114250 // JVNDB: JVNDB-2017-014415 // NVD: CVE-2017-6047

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-769

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201705-769

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014415

PATCH
title:Top Pageurl:https://gasdetection.3m.com/en
Trust: 0.8
title:Patch for DetconSiteWatchGateway Authentication Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/94077
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07182 // 
            
            
            
            JVNDB: JVNDB-2017-014415

EXTERNAL IDS
db:NVDid:CVE-2017-6047
Trust: 3.6
db:ICS CERTid:ICSA-17-136-01
Trust: 3.4
db:CNNVDid:CNNVD-201705-769
Trust: 0.9
db:CNVDid:CNVD-2017-07182
Trust: 0.8
db:JVNDBid:JVNDB-2017-014415
Trust: 0.8
db:BIDid:98487
Trust: 0.3
db:IVDid:BC96ABD0-4A1B-472E-AC37-5E4399021D6F
Trust: 0.2
db:VULHUBid:VHN-114250
Trust: 0.1
sources:
            
            
            IVD: bc96abd0-4a1b-472e-ac37-5e4399021d6f // 
            
            
            
            CNVD: CNVD-2017-07182 // 
            
            
            
            VULHUB: VHN-114250 // 
            
            
            
            BID: 98487 // 
            
            
            
            JVNDB: JVNDB-2017-014415 // 
            
            
            
            CNNVD: CNNVD-201705-769 // 
            
            
            
            NVD: CVE-2017-6047

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-136-01
Trust: 3.4
url:https://nvd.nist.gov/vuln/detail/cve-2017-6047
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6047
Trust: 0.8
url:http://www.detcon.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07182 // 
            
            
            
            VULHUB: VHN-114250 // 
            
            
            
            BID: 98487 // 
            
            
            
            JVNDB: JVNDB-2017-014415 // 
            
            
            
            CNNVD: CNNVD-201705-769 // 
            
            
            
            NVD: CVE-2017-6047

CREDITS
Maxim Rupp
Trust: 0.3
sources:
            
            
            BID: 98487

SOURCES
db:IVDid:bc96abd0-4a1b-472e-ac37-5e4399021d6f
db:CNVDid:CNVD-2017-07182
db:VULHUBid:VHN-114250
db:BIDid:98487
db:JVNDBid:JVNDB-2017-014415
db:CNNVDid:CNNVD-201705-769
db:NVDid:CVE-2017-6047

LAST UPDATE DATE
2024-11-23T21:37:28.767000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07182date:2017-05-22T00:00:00
db:VULHUBid:VHN-114250date:2019-10-09T00:00:00
db:BIDid:98487date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2017-014415date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201705-769date:2019-04-04T00:00:00
db:NVDid:CVE-2017-6047date:2024-11-21T03:28:59.053

SOURCES RELEASE DATE
db:IVDid:bc96abd0-4a1b-472e-ac37-5e4399021d6fdate:2017-05-22T00:00:00
db:CNVDid:CNVD-2017-07182date:2017-05-22T00:00:00
db:VULHUBid:VHN-114250date:2019-04-02T00:00:00
db:BIDid:98487date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2017-014415date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201705-769date:2017-05-17T00:00:00
db:NVDid:CVE-2017-6047date:2019-04-02T20:29:00.287