Lucene search

IcscertCVE-2017-12733

HistorySep 09, 2017 - 1:29 a.m.

CVE-2017-12733

2017-09-0901:29:02

CWE-306

icscert

web.nvd.nist.gov

cve-2017-12733

missing authentication

critical function

opw fuel management systems

sitesentinel integra

nvd

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.

Affected configurations

Nvd

Node

opwglobalsitesentinel_isite_atg_firmwareRange≤175

opwglobalsitesentinel_isite_atg_firmwareMatch16q3.1

opwglobalsitesentinel_isite_atg_firmwareMatch189

opwglobalsitesentinel_isite_atg_firmwareMatch191

opwglobalsitesentinel_isite_atg_firmwareMatch195

AND

opwglobalsitesentinel_isite_atgMatch-

Node

opwglobalsitesentinel_integra_500_firmwareRange≤175

opwglobalsitesentinel_integra_500_firmwareMatch16q3.1

opwglobalsitesentinel_integra_500_firmwareMatch189

opwglobalsitesentinel_integra_500_firmwareMatch191

opwglobalsitesentinel_integra_500_firmwareMatch195

AND

opwglobalsitesentinel_integra_500Match-

Node

opwglobalsitesentinel_integra_100_firmwareRange≤175

opwglobalsitesentinel_integra_100_firmwareMatch16q3.1

opwglobalsitesentinel_integra_100_firmwareMatch189

opwglobalsitesentinel_integra_100_firmwareMatch191

opwglobalsitesentinel_integra_100_firmwareMatch195

AND

opwglobalsitesentinel_integra_100Match-

VendorProductVersionCPE
opwglobalsitesentinel_isite_atg_firmware*cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:*:*:*:*:*:*:*:*
opwglobalsitesentinel_isite_atg_firmware16q3.1cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:*:*:*:*:*:*:*
opwglobalsitesentinel_isite_atg_firmware189cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:*:*:*:*:*:*:*
opwglobalsitesentinel_isite_atg_firmware191cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:*:*:*:*:*:*:*
opwglobalsitesentinel_isite_atg_firmware195cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:*:*:*:*:*:*:*
opwglobalsitesentinel_isite_atg-cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:*:*:*:*:*:*:*
opwglobalsitesentinel_integra_500_firmware*cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:*:*:*:*:*:*:*:*
opwglobalsitesentinel_integra_500_firmware16q3.1cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:*:*:*:*:*:*:*
opwglobalsitesentinel_integra_500_firmware189cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:*:*:*:*:*:*:*
opwglobalsitesentinel_integra_500_firmware191cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opwglobal	sitesentinel_isite_atg_firmware	*	cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware::::::::
opwglobal	sitesentinel_isite_atg_firmware	16q3.1	cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:::::::*
opwglobal	sitesentinel_isite_atg_firmware	189	cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:::::::*
opwglobal	sitesentinel_isite_atg_firmware	191	cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:::::::*
opwglobal	sitesentinel_isite_atg_firmware	195	cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:::::::*
opwglobal	sitesentinel_isite_atg	-	cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:::::::*
opwglobal	sitesentinel_integra_500_firmware	*	cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware::::::::
opwglobal	sitesentinel_integra_500_firmware	16q3.1	cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:::::::*
opwglobal	sitesentinel_integra_500_firmware	189	cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:::::::*
opwglobal	sitesentinel_integra_500_firmware	191	cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "OPW Fuel Management Systems SiteSentinel Integra and SiteSentinel iSite"
      }
    ]
  }
]

References

www.securityfocus.com/bid/100563

ics-cert.us-cert.gov/advisories/ICSA-17-243-04

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for CVE-2017-12733