Sign-up

ID

VAR-201904-0537


CVE

CVE-2017-6049


TITLE

Detcon Sitewatch Gateway Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-014414

DESCRIPTION

Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. Detcon Sitewatch Gateway Contains an authentication vulnerability.Information may be tampered with. DetconSiteWatchGateway is a gateway device from Detcon Corporation of the United States. An authentication vulnerability exists in DetconSiteWatchGateway. Attackers may exploit these issues to execute arbitrary code, gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks

Trust: 2.7

sources: NVD: CVE-2017-6049 // JVNDB: JVNDB-2017-014414 // CNVD: CNVD-2017-07181 // BID: 98487 // IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602 // VULHUB: VHN-114252

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602 // CNVD: CNVD-2017-07181

AFFECTED PRODUCTS

vendor:3mmodel:detcon sitewatch gatewayscope:eqversion:*

Trust: 1.0

vendor:3mmodel:detcon sitewatch gatewayscope: - version: -

Trust: 0.8

vendor:detconmodel:sitewatch gatewayscope: - version: -

Trust: 0.6

vendor:detconmodel:sitewatch gatewayscope:eqversion:0

Trust: 0.3

vendor:detcon sitewatch gatewaymodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602 // CNVD: CNVD-2017-07181 // BID: 98487 // JVNDB: JVNDB-2017-014414 // NVD: CVE-2017-6049

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6049
value: HIGH

Trust: 1.0

NVD: CVE-2017-6049
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07181
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201705-768
value: HIGH

Trust: 0.6

IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602
value: HIGH

Trust: 0.2

VULHUB: VHN-114252
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6049
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07181
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114252
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6049
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602 // CNVD: CNVD-2017-07181 // VULHUB: VHN-114252 // JVNDB: JVNDB-2017-014414 // CNNVD: CNNVD-201705-768 // NVD: CVE-2017-6049

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-256

Trust: 1.0

sources: VULHUB: VHN-114252 // JVNDB: JVNDB-2017-014414 // NVD: CVE-2017-6049

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-768

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201705-768

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-014414

PATCH
title:Top Pageurl:https://gasdetection.3m.com/en
Trust: 0.8
title:Patch for DetconSiteWatchGateway Authentication Vulnerability (CNVD-2017-07181)url:https://www.cnvd.org.cn/patchInfo/show/94078
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07181 // 
            
            
            
            JVNDB: JVNDB-2017-014414

EXTERNAL IDS
db:NVDid:CVE-2017-6049
Trust: 3.6
db:ICS CERTid:ICSA-17-136-01
Trust: 3.4
db:CNNVDid:CNNVD-201705-768
Trust: 0.9
db:CNVDid:CNVD-2017-07181
Trust: 0.8
db:JVNDBid:JVNDB-2017-014414
Trust: 0.8
db:BIDid:98487
Trust: 0.3
db:IVDid:749A68E1-5A88-4B14-9E6E-74D487ECA602
Trust: 0.2
db:VULHUBid:VHN-114252
Trust: 0.1
sources:
            
            
            IVD: 749a68e1-5a88-4b14-9e6e-74d487eca602 // 
            
            
            
            CNVD: CNVD-2017-07181 // 
            
            
            
            VULHUB: VHN-114252 // 
            
            
            
            BID: 98487 // 
            
            
            
            JVNDB: JVNDB-2017-014414 // 
            
            
            
            CNNVD: CNNVD-201705-768 // 
            
            
            
            NVD: CVE-2017-6049

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-136-01
Trust: 3.4
url:https://nvd.nist.gov/vuln/detail/cve-2017-6049
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6049
Trust: 0.8
url:http://www.detcon.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07181 // 
            
            
            
            VULHUB: VHN-114252 // 
            
            
            
            BID: 98487 // 
            
            
            
            JVNDB: JVNDB-2017-014414 // 
            
            
            
            CNNVD: CNNVD-201705-768 // 
            
            
            
            NVD: CVE-2017-6049

CREDITS
Maxim Rupp
Trust: 0.3
sources:
            
            
            BID: 98487

SOURCES
db:IVDid:749a68e1-5a88-4b14-9e6e-74d487eca602
db:CNVDid:CNVD-2017-07181
db:VULHUBid:VHN-114252
db:BIDid:98487
db:JVNDBid:JVNDB-2017-014414
db:CNNVDid:CNNVD-201705-768
db:NVDid:CVE-2017-6049

LAST UPDATE DATE
2024-11-23T21:37:28.727000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07181date:2017-05-22T00:00:00
db:VULHUBid:VHN-114252date:2019-10-09T00:00:00
db:BIDid:98487date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2017-014414date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201705-768date:2019-10-10T00:00:00
db:NVDid:CVE-2017-6049date:2024-11-21T03:28:59.313

SOURCES RELEASE DATE
db:IVDid:749a68e1-5a88-4b14-9e6e-74d487eca602date:2017-05-22T00:00:00
db:CNVDid:CNVD-2017-07181date:2017-05-22T00:00:00
db:VULHUBid:VHN-114252date:2019-04-02T00:00:00
db:BIDid:98487date:2017-05-16T00:00:00
db:JVNDBid:JVNDB-2017-014414date:2019-05-09T00:00:00
db:CNNVDid:CNNVD-201705-768date:2017-05-17T00:00:00
db:NVDid:CVE-2017-6049date:2019-04-02T20:29:00.333