{"containers": {"cna": {"affected": [{"product": "INGEPAC DA AU", "vendor": "Ingeteam", "versions": [{"lessThanOrEqual": "AUC_1.13.0.28", "status": "affected", "version": "AUC_1.13.0.28", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Industrial Cybersecurity team of S21sec, special mention to Jacinto Moral Matell\u00e1n."}], "datePublic": "2021-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device\u00b4s web service could exploit this vulnerability in order to obtain different configuration files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-25T13:33:40", "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"}], "solutions": [{"lang": "en", "value": "All the firmware versions from AUC_1.14.0.29 fix this issue."}], "source": {"advisory": "INCIBE-2021-0429", "discovery": "EXTERNAL"}, "title": "Information Exposure in INGEPAC DA AU", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-coordination@incibe.es", "DATE_PUBLIC": "2021-10-20T09:00:00.000Z", "ID": "CVE-2017-20007", "STATE": "PUBLIC", "TITLE": "Information Exposure in INGEPAC DA AU"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "INGEPAC DA AU", "version": {"version_data": [{"version_affected": "<=", "version_name": "AUC_1.13.0.28", "version_value": "AUC_1.13.0.28"}]}}]}, "vendor_name": "Ingeteam"}]}}, "credit": [{"lang": "eng", "value": "Industrial Cybersecurity team of S21sec, special mention to Jacinto Moral Matell\u00e1n."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device\u00b4s web service could exploit this vulnerability in order to obtain different configuration files."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au", "refsource": "CONFIRM", "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"}]}, "solution": [{"lang": "en", "value": "All the firmware versions from AUC_1.14.0.29 fix this issue."}], "source": {"advisory": "INCIBE-2021-0429", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:24.444Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"}]}]}, "cveMetadata": {"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2017-20007", "datePublished": "2021-10-25T13:33:40.894090Z", "dateReserved": "2021-09-29T00:00:00", "dateUpdated": "2024-09-17T00:51:13.127Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ingeteam:ingepac_da_au_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69843CF9-1FDA-4003-9D98-B07D4A10500D", "versionEndIncluding": "auc_1.13.0.28", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ingeteam:ingepac_da_au:-:*:*:*:*:*:*:*", "matchCriteriaId": "704C1AD2-2698-4F05-801D-96E5231FFB24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device\u00b4s web service could exploit this vulnerability in order to obtain different configuration files."}, {"lang": "es", "value": "La aplicaci\u00f3n web Ingeteam INGEPAC DA AU versiones AUC_1.13.0.28 (y anteriores), permiten el acceso a una determinada ruta que contiene informaci\u00f3n confidencial que podr\u00eda ser usada por un atacante para ejecutar ataques m\u00e1s sofisticados. Un atacante remoto no autenticado con acceso al servicio web del dispositivo podr\u00eda explotar esta vulnerabilidad para obtener diferentes archivos de configuraci\u00f3n"}], "id": "CVE-2017-20007", "lastModified": "2024-11-21T03:22:26.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-25T14:15:08.537", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}