Search

Find a vulnerability

Search criteria

    3 vulnerabilities by envitech

    VAR-201710-1319

    Vulnerability from variot - Updated: 2025-04-20 23:19

    An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd's intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1319",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "envidas ultimate",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "envitech",
            "version": "1.0.0.4"
          },
          {
            "model": "envidas ultimate",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "envitech",
            "version": "1.0.0.5"
          },
          {
            "model": "envidas ultimate",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "envitech",
            "version": "v1.0.0.5"
          },
          {
            "model": "envidas ultimate",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "envitech",
            "version": "1.0.0.4"
          },
          {
            "model": "ltd envidas ultimate",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "envitech",
            "version": "1.0.0.4"
          },
          {
            "model": "ltd envidas ultimate",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "envitech",
            "version": "1.0.0.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "envidas ultimate",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "BID",
            "id": "101249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:envitech:envidas_ultimate",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Can Demirel and Deniz ?evik of Biznet Bilisim",
        "sources": [
          {
            "db": "BID",
            "id": "101249"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-9625",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-9625",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-29974",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-9625",
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-9625",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-9625",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-29974",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-577",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd\u0027s intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "BID",
            "id": "101249"
          },
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9625",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-285-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "101249",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "3A32BA24-6E0F-4236-9CC1-A3BF2668DDE7",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "BID",
            "id": "101249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "id": "VAR-201710-1319",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          }
        ],
        "trust": 1.425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:19:45.435000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.envitech.co.il/"
          },
          {
            "title": "Envitech Ltd EnviDAS Ultimate authentication bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/103555"
          },
          {
            "title": "Envitech EnviDAS Ultimate Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100113"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/101249"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9625"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9625"
          },
          {
            "trust": 0.3,
            "url": "http://envitech.co.il/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "BID",
            "id": "101249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "db": "BID",
            "id": "101249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-13T00:00:00",
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "BID",
            "id": "101249"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "date": "2017-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "date": "2017-10-17T22:29:00.463000",
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          },
          {
            "date": "2017-10-12T00:00:00",
            "db": "BID",
            "id": "101249"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-009513"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-9625"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Envitech Ltd EnviDAS Ultimate Authentication Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29974"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-577"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2017-9625 (GCVE-0-2017-9625)

    Vulnerability from nvd – Published: 2017-10-17 22:00 – Updated: 2024-08-05 17:11
    VLAI
    Summary
    An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Envitech Ltd. EnviDAS Ultimate Affected: Envitech Ltd. EnviDAS Ultimate
    Date Public
    2017-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:02.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101249",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101249"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Envitech Ltd. EnviDAS Ultimate",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Envitech Ltd. EnviDAS Ultimate"
                }
              ]
            }
          ],
          "datePublic": "2017-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "101249",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101249"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-9625",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Envitech Ltd. EnviDAS Ultimate",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Envitech Ltd. EnviDAS Ultimate"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101249",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101249"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-9625",
        "datePublished": "2017-10-17T22:00:00.000Z",
        "dateReserved": "2017-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:11:02.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9625 (GCVE-0-2017-9625)

    Vulnerability from cvelistv5 – Published: 2017-10-17 22:00 – Updated: 2024-08-05 17:11
    VLAI
    Summary
    An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Envitech Ltd. EnviDAS Ultimate Affected: Envitech Ltd. EnviDAS Ultimate
    Date Public
    2017-10-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:11:02.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101249",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101249"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Envitech Ltd. EnviDAS Ultimate",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Envitech Ltd. EnviDAS Ultimate"
                }
              ]
            }
          ],
          "datePublic": "2017-10-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-18T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "101249",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101249"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-9625",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Envitech Ltd. EnviDAS Ultimate",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Envitech Ltd. EnviDAS Ultimate"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "101249",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101249"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-9625",
        "datePublished": "2017-10-17T22:00:00.000Z",
        "dateReserved": "2017-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-05T17:11:02.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }