Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    7 vulnerabilities by portrait

    CVE-2025-53919 (GCVE-0-2025-53919)

    Vulnerability from nvd – Published: 2025-12-17 00:00 – Updated: 2025-12-17 19:37
    VLAI
    Summary
    An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T19:34:24.155338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T19:37:11.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T16:23:11.840Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://portrait.com/dell"
            },
            {
              "url": "https://www.portrait.com/dell-security-cve-updates/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53919",
        "datePublished": "2025-12-17T00:00:00.000Z",
        "dateReserved": "2025-07-14T00:00:00.000Z",
        "dateUpdated": "2025-12-17T19:37:11.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53398 (GCVE-0-2025-53398)

    Vulnerability from nvd – Published: 2025-12-17 00:00 – Updated: 2025-12-18 18:54
    VLAI
    Summary
    The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T16:01:34.671673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T18:54:20.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T16:22:09.213Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.portrait.com/dell/"
            },
            {
              "url": "https://www.portrait.com/dell-security-cve-updates/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53398",
        "datePublished": "2025-12-17T00:00:00.000Z",
        "dateReserved": "2025-06-29T00:00:00.000Z",
        "dateUpdated": "2025-12-18T18:54:20.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-3210 (GCVE-0-2017-3210)

    Vulnerability from nvd – Published: 2018-07-24 15:00 – Updated: 2024-08-05 14:16
    VLAI
    Title
    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution
    Summary
    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/98006 vdb-entryx_refsource_BID
    https://www.kb.cert.org/vuls/id/219739 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Portrait Display SDK Affected: 2.30 , < 2.34* (custom)
    Create a notification for this product.
    Date Public
    2017-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98006",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/98006"
              },
              {
                "name": "VU#219739",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/219739"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SDK",
              "vendor": "Portrait Display",
              "versions": [
                {
                  "lessThan": "2.34*",
                  "status": "affected",
                  "version": "2.30",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T14:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "98006",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/98006"
            },
            {
              "name": "VU#219739",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/219739"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Thanks to Werner Schober of SEC Consult for reporting this vulnerability."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2017-3210",
              "STATE": "PUBLIC",
              "TITLE": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SDK",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e",
                                "version_affected": "\u003e",
                                "version_name": "2.34",
                                "version_value": "2.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Portrait Display"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98006",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/98006"
                },
                {
                  "name": "VU#219739",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/219739"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Thanks to Werner Schober of SEC Consult for reporting this vulnerability."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2017-3210",
        "datePublished": "2018-07-24T15:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:28.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-53919 (GCVE-0-2025-53919)

    Vulnerability from cvelistv5 – Published: 2025-12-17 00:00 – Updated: 2025-12-17 19:37
    VLAI
    Summary
    An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T19:34:24.155338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-17T19:37:11.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T16:23:11.840Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://portrait.com/dell"
            },
            {
              "url": "https://www.portrait.com/dell-security-cve-updates/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53919",
        "datePublished": "2025-12-17T00:00:00.000Z",
        "dateReserved": "2025-07-14T00:00:00.000Z",
        "dateUpdated": "2025-12-17T19:37:11.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-53398 (GCVE-0-2025-53398)

    Vulnerability from cvelistv5 – Published: 2025-12-17 00:00 – Updated: 2025-12-18 18:54
    VLAI
    Summary
    The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-53398",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T16:01:34.671673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T18:54:20.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T16:22:09.213Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.portrait.com/dell/"
            },
            {
              "url": "https://www.portrait.com/dell-security-cve-updates/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-53398",
        "datePublished": "2025-12-17T00:00:00.000Z",
        "dateReserved": "2025-06-29T00:00:00.000Z",
        "dateUpdated": "2025-12-18T18:54:20.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-3210 (GCVE-0-2017-3210)

    Vulnerability from cvelistv5 – Published: 2018-07-24 15:00 – Updated: 2024-08-05 14:16
    VLAI
    Title
    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution
    Summary
    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/98006 vdb-entryx_refsource_BID
    https://www.kb.cert.org/vuls/id/219739 third-party-advisoryx_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Portrait Display SDK Affected: 2.30 , < 2.34* (custom)
    Create a notification for this product.
    Date Public
    2017-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.262Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98006",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/98006"
              },
              {
                "name": "VU#219739",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/219739"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SDK",
              "vendor": "Portrait Display",
              "versions": [
                {
                  "lessThan": "2.34*",
                  "status": "affected",
                  "version": "2.30",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-24T14:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "98006",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/98006"
            },
            {
              "name": "VU#219739",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/219739"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Thanks to Werner Schober of SEC Consult for reporting this vulnerability."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2017-3210",
              "STATE": "PUBLIC",
              "TITLE": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SDK",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003e",
                                "version_affected": "\u003e",
                                "version_name": "2.34",
                                "version_value": "2.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Portrait Display"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-276"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98006",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/98006"
                },
                {
                  "name": "VU#219739",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/219739"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Thanks to Werner Schober of SEC Consult for reporting this vulnerability."
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2017-3210",
        "datePublished": "2018-07-24T15:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:28.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201807-0265

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. this SDK In multiple applications created using Authenticated Users It was reported that it can be changed with the authority of. Portrait Displays SDK is prone to a local privilege-escalation vulnerability. Portrait Display SDK 2.30 through 2.34 are vulnerable. Portrait Displays is a scalable platform supporting all display technologies and embedded control platforms for displays

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0265",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "displayview click",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "fujitsu",
            "version": "6.01"
          },
          {
            "model": "displayview click",
            "scope": "eq",
            "trust": 2.1,
            "vendor": "fujitsu",
            "version": "6.0"
          },
          {
            "model": "smart control premium",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "philips",
            "version": "2.25"
          },
          {
            "model": "smart control premium",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "philips",
            "version": "2.23"
          },
          {
            "model": "my display",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "hp",
            "version": "2.0"
          },
          {
            "model": "display assistant",
            "scope": "eq",
            "trust": 1.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "display sdk",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "portrait",
            "version": "2.34"
          },
          {
            "model": "displayview click suite",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fujitsu",
            "version": "5.0"
          },
          {
            "model": "display sdk",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "portrait",
            "version": "2.30"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "portrait displays",
            "version": null
          },
          {
            "model": "smart control premium",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "koninklijke philips n v",
            "version": "2.23"
          },
          {
            "model": "smart control premium",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "koninklijke philips n v",
            "version": "2.25"
          },
          {
            "model": "sdk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "portrait displays",
            "version": "2.30 to  2.34"
          },
          {
            "model": "hp display assistant",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "2.1"
          },
          {
            "model": "hp my display",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hewlett packard",
            "version": "2.0"
          },
          {
            "model": "displayview click",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "fujitsu",
            "version": "suite 5"
          },
          {
            "model": "displays sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "portrait",
            "version": "2.34"
          },
          {
            "model": "displays sdk",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "portrait",
            "version": "2.30"
          },
          {
            "model": "displayview click suite",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5"
          },
          {
            "model": "smart control premium",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "philips",
            "version": "2.26"
          },
          {
            "model": "my display",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.1"
          },
          {
            "model": "display assistant",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "hp",
            "version": "2.11"
          },
          {
            "model": "displayview click suite",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "5.9"
          },
          {
            "model": "displayview click",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "fujitsu",
            "version": "6.3"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:portrait:portrait_display_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.34",
                    "versionStartIncluding": "2.30",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:fujitsu:displayview_click:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fujitsu:displayview_click_suite:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:fujitsu:displayview_click:6.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:display_assistant:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:hp:my_display:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:philips:smart_control_premium:2.25:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:philips:smart_control_premium:2.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Werner Schober of SEC Consult",
        "sources": [
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-3210",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 6.8,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 1.5,
                "exploitability": "NOT DEFINED",
                "exploitabilityScore": 3.1,
                "id": "CVE-2017-3210",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "MEDIUM",
                "targetDistribution": "LOW",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 6.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-002744",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-111413",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-002744",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-3210",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-3210",
                "trust": 0.8,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-002744",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1417",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-111413",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. this SDK In multiple applications created using Authenticated Users It was reported that it can be changed with the authority of. Portrait Displays SDK is prone to a local privilege-escalation vulnerability. \nPortrait Display SDK 2.30 through 2.34 are vulnerable. Portrait Displays is a scalable platform supporting all display technologies and embedded control platforms for displays",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-111413",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-3210",
            "trust": 3.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#219739",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "98006",
            "trust": 2.0
          },
          {
            "db": "JVN",
            "id": "JVNVU96080594",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417",
            "trust": 0.7
          },
          {
            "db": "TENABLE",
            "id": "TNS-2017-10",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "142312",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "id": "VAR-201807-0265",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:28:53.384000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u5bcc\u58eb\u901a\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://support.ts.fujitsu.com/content/quicksearchresult.asp?lng=com\u0026q=displayview+click"
          },
          {
            "title": "Security Update!",
            "trust": 0.8,
            "url": "http://www.portrait.com/securityupdate.html"
          },
          {
            "title": "Portrait Displays SDK Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69668"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-16",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-276",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/219739"
          },
          {
            "trust": 1.7,
            "url": "https://www.securityfocus.com/bid/98006"
          },
          {
            "trust": 1.1,
            "url": "http://www.portrait.com/securityupdate.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170425-0_portrait_displays_sdk_privilege_escalation_v10.txt"
          },
          {
            "trust": 0.8,
            "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3210"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu96080594/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.tenable.com/products/nessus"
          },
          {
            "trust": 0.3,
            "url": "https://www.tenable.com/security/tns-2017-10"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "date": "2018-07-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "date": "2017-04-25T00:00:00",
            "db": "BID",
            "id": "98006"
          },
          {
            "date": "2017-04-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "date": "2018-07-24T15:29:00.733000",
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "date": "2017-04-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#219739"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-111413"
          },
          {
            "date": "2017-05-02T03:09:00",
            "db": "BID",
            "id": "98006"
          },
          {
            "date": "2017-05-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002744"
          },
          {
            "date": "2019-10-09T23:27:23.587000",
            "db": "NVD",
            "id": "CVE-2017-3210"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#219739"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration Error",
        "sources": [
          {
            "db": "BID",
            "id": "98006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1417"
          }
        ],
        "trust": 0.9
      }
    }