mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
254 lines
8.4 KiB
JSON
254 lines
8.4 KiB
JSON
{
|
|
"id": "CVE-2017-12731",
|
|
"sourceIdentifier": "ics-cert@hq.dhs.gov",
|
|
"published": "2017-09-09T01:29:02.393",
|
|
"lastModified": "2019-10-09T23:23:13.060",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en las consolas de OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500 y SiteSentinel iSite ATG con las siguientes versiones de software: anteriores a la V175, V175-V189, V191-V195 y V16Q3.1. La aplicaci\u00f3n es vulnerable a la inyecci\u00f3n de consultas SQL maliciosas a trav\u00e9s de la entrada del cliente."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 7.5
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "175",
|
|
"matchCriteriaId": "A065260A-6ED8-45F2-9190-D4F3F1CA4948"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "316BBC8F-75C9-49D4-8971-A16C67DAAC9B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7AABDF8A-4058-45BE-9246-5133494BDD80"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC929081-714F-4F86-9B84-2E06F7623753"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9239F35E-C6D2-41D7-A4A1-127C3E607573"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EEB71D3F-AAB9-4333-B47A-524F80ED9F78"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "175",
|
|
"matchCriteriaId": "2F2B9FEC-D4EC-4284-8B11-BD7C1AE46AF7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7527D23C-F614-4317-83C5-DAC1355DE70F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D6B6A28-A289-4CF7-9CA4-93A2317306B5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1DCC190C-2F13-4192-B4CD-F6C404DEC4FC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:195:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A4B4B62F-4828-4E34-ADB5-D5D808D6B0A6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:opwglobal:sitesentinel_integra_500:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F123D060-C5EA-44CB-AB0A-10D7D94BF96A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "175",
|
|
"matchCriteriaId": "8EA66397-344F-4B95-A742-761D32AB6EF6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:16q3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A28ECD62-417B-4FEC-A84A-FD2E2E35A14B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:189:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DF8E0ABE-2228-431D-92F9-45257AD8D8DD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:191:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4FC1AA6-DEEC-4DFA-8EFB-7FE250DA5301"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:195:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "975D97B5-EB10-4DFF-A9F6-EF5414E55EE6"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:opwglobal:sitesentinel_integra_100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32CBB664-CFC2-4F74-969B-3FC73BD4B61A"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/100563",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04",
|
|
"source": "ics-cert@hq.dhs.gov",
|
|
"tags": [
|
|
"Mitigation",
|
|
"Third Party Advisory",
|
|
"US Government Resource",
|
|
"VDB Entry"
|
|
]
|
|
}
|
|
]
|
|
} |