CVE-2017-6049 - Vulnerability Details

Vendors	Products
3m	Detcon Sitewatch Gateway

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Sitewatch Gateway", "vendor": "Detcon", "versions": [{"status": "affected", "version": "All versions affected except cellular versions."}]}], "datePublic": "2017-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "PLAINTEXT STORAGE OF A PASSWORD CWE-256", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-02T19:39:25", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6049", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Sitewatch Gateway", "version": {"version_data": [{"version_value": "All versions affected except cellular versions."}]}}]}, "vendor_name": "Detcon"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PLAINTEXT STORAGE OF A PASSWORD CWE-256"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.695Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6049", "datePublished": "2019-04-02T19:39:25", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-08-05T15:18:49.695Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Sitewatch Gateway (string)

vendor : Detcon (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions affected except cellular versions. (string)

}

]

}

]

datePublic : 2017-05-16T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-256 (string)

description : PLAINTEXT STORAGE OF A PASSWORD CWE-256 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-04-02T19:39:25 (string)

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : ics-cert@hq.dhs.gov (string)

ID : CVE-2017-6049 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Sitewatch Gateway (string)

version : { »

version_data : [ »

0 : { »

version_value : All versions affected except cellular versions. (string)

}

]

}

]

}

vendor_name : Detcon (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : PLAINTEXT STORAGE OF A PASSWORD CWE-256 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T15:18:49.695Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

assignerShortName : icscert (string)

cveId : CVE-2017-6049 (string)

datePublished : 2019-04-02T19:39:25 (string)

dateReserved : 2017-02-16T00:00:00 (string)

dateUpdated : 2024-08-05T15:18:49.695Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:3m:detcon_sitewatch_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "921E1764-D113-401C-AB30-8945AEACA7F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL."}, {"lang": "es", "value": "En todas las versiones de Detcon Sitewatch Gateway sin celular, un atacante puede editar los ajustes del dispositivo utilizando una URL especialmente manipulada."}], "id": "CVE-2017-6049", "lastModified": "2024-11-21T03:28:59.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-02T20:29:00.333", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:3m:detcon_sitewatch_gateway:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 921E1764-D113-401C-AB30-8945AEACA7F5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Detcon Sitewatch Gateway, all versions without cellular, an attacker can edit settings on the device using a specially crafted URL. (string)

}

1 : { »

lang : es (string)

value : En todas las versiones de Detcon Sitewatch Gateway sin celular, un atacante puede editar los ajustes del dispositivo utilizando una URL especialmente manipulada. (string)

}

]

id : CVE-2017-6049 (string)

lastModified : 2024-11-21T03:28:59.313 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-04-02T20:29:00.333 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-136-01 (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-256 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object