Search
Find a vulnerability
Search criteria
3 vulnerabilities by envitech
VAR-201710-1319
Vulnerability from variot - Updated: 2025-04-20 23:19An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd's intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "envidas ultimate",
"scope": "lte",
"trust": 1.0,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "envidas ultimate",
"scope": "lt",
"trust": 0.8,
"vendor": "envitech",
"version": "1.0.0.5"
},
{
"model": "envidas ultimate",
"scope": "lt",
"trust": 0.6,
"vendor": "envitech",
"version": "v1.0.0.5"
},
{
"model": "envidas ultimate",
"scope": "eq",
"trust": 0.6,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "ltd envidas ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "envitech",
"version": "1.0.0.4"
},
{
"model": "ltd envidas ultimate",
"scope": "ne",
"trust": 0.3,
"vendor": "envitech",
"version": "1.0.0.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "envidas ultimate",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:envitech:envidas_ultimate",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Can Demirel and Deniz ?evik of Biznet Bilisim",
"sources": [
{
"db": "BID",
"id": "101249"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9625",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9625",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-29974",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9625",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9625",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9625",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-29974",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-577",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely. Envidas Ultimate is Envitech Ltd\u0027s intelligent, versatile, multi-site continuous emissions monitoring and data acquisition system. Envitech EnviDAS Ultimate is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9625"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9625",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-285-03",
"trust": 3.3
},
{
"db": "BID",
"id": "101249",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-29974",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513",
"trust": 0.8
},
{
"db": "IVD",
"id": "3A32BA24-6E0F-4236-9CC1-A3BF2668DDE7",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"id": "VAR-201710-1319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
]
},
"last_update_date": "2025-04-20T23:19:45.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.envitech.co.il/"
},
{
"title": "Envitech Ltd EnviDAS Ultimate authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/103555"
},
{
"title": "Envitech EnviDAS Ultimate Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100113"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101249"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9625"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9625"
},
{
"trust": 0.3,
"url": "http://envitech.co.il/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"db": "BID",
"id": "101249"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"date": "2017-10-12T00:00:00",
"db": "BID",
"id": "101249"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"date": "2017-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"date": "2017-10-17T22:29:00.463000",
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29974"
},
{
"date": "2017-10-12T00:00:00",
"db": "BID",
"id": "101249"
},
{
"date": "2017-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009513"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-577"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9625"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Envitech Ltd EnviDAS Ultimate Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3a32ba24-6e0f-4236-9cc1-a3bf2668dde7"
},
{
"db": "CNVD",
"id": "CNVD-2017-29974"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-577"
}
],
"trust": 0.6
}
}
CVE-2017-9625 (GCVE-0-2017-9625)
Vulnerability from nvd – Published: 2017-10-17 22:00 – Updated: 2024-08-05 17:11
VLAI
Summary
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101249 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Envitech Ltd. EnviDAS Ultimate |
Affected:
Envitech Ltd. EnviDAS Ultimate
|
Date Public
2017-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Envitech Ltd. EnviDAS Ultimate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Envitech Ltd. EnviDAS Ultimate"
}
]
}
],
"datePublic": "2017-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "101249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Envitech Ltd. EnviDAS Ultimate",
"version": {
"version_data": [
{
"version_value": "Envitech Ltd. EnviDAS Ultimate"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101249"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9625",
"datePublished": "2017-10-17T22:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:11:02.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9625 (GCVE-0-2017-9625)
Vulnerability from cvelistv5 – Published: 2017-10-17 22:00 – Updated: 2024-08-05 17:11
VLAI
Summary
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/101249 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Envitech Ltd. EnviDAS Ultimate |
Affected:
Envitech Ltd. EnviDAS Ultimate
|
Date Public
2017-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Envitech Ltd. EnviDAS Ultimate",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Envitech Ltd. EnviDAS Ultimate"
}
]
}
],
"datePublic": "2017-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "101249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Envitech Ltd. EnviDAS Ultimate",
"version": {
"version_data": [
{
"version_value": "Envitech Ltd. EnviDAS Ultimate"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101249"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9625",
"datePublished": "2017-10-17T22:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:11:02.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}