CVE-2017-9644 (GCVE-0-2017-9644)
Vulnerability from cvelistv5
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100454 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov | https://www.exploit-db.com/exploits/42542/ | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100454 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42542/ | Third Party Advisory, VDB Entry
Vendor | Product | Version
---|---|---
n/a | Automated Logic Corporation WebCTRL, i-VU, SiteScan | Automated Logic Corporation WebCTRL, i-VU, SiteScan
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:11:02.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "100454", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100454" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "name": "42542", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42542/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Automated Logic Corporation WebCTRL, i-VU, SiteScan", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Automated Logic Corporation WebCTRL, i-VU, SiteScan" } ] } ], "datePublic": "2017-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-26T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "100454", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100454" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "name": "42542", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42542/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-9644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Automated Logic Corporation WebCTRL, i-VU, SiteScan", "version": { "version_data": [ { "version_value": "Automated Logic Corporation WebCTRL, i-VU, SiteScan" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-428" } ] } ] }, "references": { "reference_data": [ { "name": "100454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100454" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "name": "42542", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42542/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-9644", "datePublished": "2017-08-25T19:00:00", "dateReserved": "2017-06-14T00:00:00", "dateUpdated": "2024-08-05T17:11:02.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-9644\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-08-25T19:29:00.457\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema de ruta de b\u00fasqueda o elemento sin comillas en Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 y anteriores; ALC WebCTRL, SiteScan Web 6.1 y anteriores; ALC WebCTRL, i-Vu 6.0 y anteriores; ALC WebCTRL, i-Vu, SiteScan Web 5.5 y anteriores; y ALC WebCTRL, i-Vu, SiteScan Web 5.2 y anteriores. 
Una vulnerabilidad de ruta de b\u00fasqueda sin comillas podr\u00eda permitir que un atacante local sin privilegios cambie archivos en el directorio de instalaci\u00f3n y ejecute c\u00f3digo arbitrario con privilegios elevados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-428\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2\",\"matchCriteriaId\":\"5948CDA4-5FE6-448B-9F64-D077F41DDF11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5\",\"matchCriteriaId\":\"E829060A-3BA2-43ED-A
AC9-E0E5008345DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"F476895F-3AF0-4F96-8420-E57801B03F33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5\",\"matchCriteriaId\":\"865ECF73-F257-4A48-831E-4A542ADA4BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2\",\"matchCriteriaId\":\"3F6C18E1-2165-49FE-B351-56BF2B3142A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5\",\"matchCriteriaId\":\"701AF14C-15DE-496A-8077-53D6BF3C80DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1\",\"matchCriteriaId\":\"5A35BFAD-0A53-438B-8A7A-78F92210DDE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5\",\"matchCriteriaId\":\"D602FF0F-8AFE-4815-BFA0-623DE28D26FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.2\",\"matchCriteriaId\":\"A41C3278-DB17-488C-BFEF-AA51B8289DD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.5\",\"matchCriteriaId\":\"27E012C0-3E9B-484C-A697-B39DF43F0F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"D2A6E893-4D91-4D54-A831-B47F792FC6E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1\",\"matchCriteriaId\":\"E912DDD9-081A-49A1-9CD5-9127B676A190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.5
\",\"matchCriteriaId\":\"292B6AC3-89A7-4E81-946A-7C0FED0DF79D\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100454\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/42542/\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/100454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/42542/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}" } }
var-201708-1399
Vulnerability from variot
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. ALC WebCTRL, i-Vu, and SiteScan Web contain a vulnerability related to unquoted search paths or elements. Information may be obtained or altered, and service operation may be disrupted (DoS). ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation (ALC) products are prone to a local privilege-escalation vulnerability. WebCTRL®, Automated Logic's web-based building automation system, is known for its intuitive user interface and powerful integration capabilities. It allows building operators to optimize and manage all of their building systems - including HVAC, lighting, fire, elevators, and security - all within a single HVAC controls platform. It's everything they need to keep occupants comfortable, manage energy conservation measures, identify key operational problems, and validate the results. WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused by improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionally, an improper authorization access control occurs when using the 'anonymous' user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons.
In this case, when using the anonymous user, an attacker is still able to upload a malicious file via insecure direct object reference and execute arbitrary code. The anonymous user was removed from version 6.5 of WebCTRL. Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601), Apache-Coyote/1.1, Apache Tomcat/7.0.42, CJServer/1.1, Java/1.7.0_25-b17, Java HotSpot Server VM 23.25-b01, Ant 1.7.0, Axis 1.4, Trove 2.0.2, Xalan Java 2.4.1, Xerces-J 2.6.1. The vulnerability exists due to improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) set for the 'Authenticated Users' group. The application suffers from an unquoted search path issue as well, impacting the service 'WebCTRL Service' for Windows deployed as part of the WebCTRL server solution. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1399", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": "eq", "trust": 1.0, "vendor": "webctrl", "version": "*" }, { "model": "i-vu", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "5.5" }, { "model": "sitescan web", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", 
"version": "6.1" }, { "model": "automatedlogic webctrl", "scope": "lte", "trust": 1.0, "vendor": "carrier", "version": "6.5" }, { "model": "sitescan web", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "6.5" }, { "model": "automatedlogic webctrl", "scope": "lte", "trust": 1.0, "vendor": "carrier", "version": "5.2" }, { "model": "i-vu", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "6.5" }, { "model": "automatedlogic webctrl", "scope": "lte", "trust": 1.0, "vendor": "carrier", "version": "6.0" }, { "model": "automatedlogic webctrl", "scope": "lte", "trust": 1.0, "vendor": "carrier", "version": "5.5" }, { "model": "sitescan web", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "5.2" }, { "model": "automatedlogic webctrl", "scope": "lte", "trust": 1.0, "vendor": "carrier", "version": "6.1" }, { "model": "i-vu", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "5.2" }, { "model": "sitescan web", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "5.5" }, { "model": "i-vu", "scope": "lte", "trust": 1.0, "vendor": "automatedlogic", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.8, "vendor": "i vu", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.8, "vendor": "sitescan web", "version": "*" }, { "model": "i-vu", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.2" }, { "model": "i-vu", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.5" }, { "model": "i-vu", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.0" }, { "model": "i-vu", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.5" }, { "model": "sitescan web", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.2" }, { "model": "sitescan web", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.5" }, { "model": "sitescan web", "scope": "lte", "trust": 0.8, 
"vendor": "automated logic", "version": "6.1" }, { "model": "sitescan web", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.5" }, { "model": "webctrl", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.2" }, { "model": "webctrl", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "5.5" }, { "model": "webctrl", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.0" }, { "model": "webctrl", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.1" }, { "model": "webctrl", "scope": "lte", "trust": 0.8, "vendor": "automated logic", "version": "6.5" }, { "model": "sitescan web", "scope": "lte", "trust": 0.6, "vendor": "ibm automated logic", "version": "\u003c=6.5" }, { "model": "alc webctrl i-vu", "scope": "lte", "trust": 0.6, "vendor": "automated logic", "version": "\u003c=6.0" }, { "model": "alc webctrl sitescan web", "scope": "lte", "trust": 0.6, "vendor": "automated logic", "version": "\u003c=6.1" }, { "model": "sitescan web i-vu alc webctrl", "scope": "lte", "trust": 0.6, "vendor": "automated logic", "version": "\u003c=6.5" }, { "model": "sitescan web i-vu alc webctrl", "scope": "lte", "trust": 0.6, "vendor": "automated logic", "version": "\u003c=5.5" }, { "model": "sitescan web i-vu alc webctrl", "scope": "lte", "trust": 0.6, "vendor": "automated logic", "version": "\u003c=5.2" }, { "model": "i-vu", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "6.0" }, { "model": "sitescan web", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "5.2" }, { "model": "sitescan web", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "5.5" }, { "model": "i-vu", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "6.5" }, { "model": "webctrl", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "5.5" }, { "model": "webctrl", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": 
"5.2" }, { "model": "sitescan web", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "6.5" }, { "model": "sitescan web", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "6.1" }, { "model": "i-vu", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "5.2" }, { "model": "i-vu", "scope": "eq", "trust": 0.6, "vendor": "automatedlogic", "version": "5.5" }, { "model": "webctrl", "scope": "lte", "trust": 0.3, "vendor": "automated logic", "version": " sitescan web 6.1 and prior" }, { "model": "webctrl", "scope": "lte", "trust": 0.3, "vendor": "automated logic", "version": " i-vu 6.0 and prior" }, { "model": "webctrl", "scope": "lte", "trust": 0.3, "vendor": "automated logic", "version": " sitescan web 5.5 and prior" }, { "model": "webctrl", "scope": "lte", "trust": 0.3, "vendor": "automated logic", "version": " sitescan web 5.2 and prior" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.1 and 6.0" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.5" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.1" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.0" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.5" }, { "model": "webctrl", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.2" }, { "model": "sitescan web", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.5" }, { "model": "sitescan web", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.1" }, { "model": "sitescan web", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.5" }, { "model": "sitescan web", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.2" }, { "model": "i-vu", "scope": "eq", "trust": 0.3, "vendor": "automated 
logic", "version": "6.5" }, { "model": "i-vu", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "6.0" }, { "model": "i-vu", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.5" }, { "model": "i-vu", "scope": "eq", "trust": 0.3, "vendor": "automated logic", "version": "5.2" }, { "model": "webctrl", "scope": "lte", "trust": 0.2, "vendor": "automated logic", "version": " sitescan web 6.5 and prior" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" }, { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "BID", "id": "100454" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:automatedlogic:i-vu", "vulnerable": true }, { "cpe22Uri": "cpe:/a:automatedlogic:sitescan_web", "vulnerable": true }, { "cpe22Uri": "cpe:/a:automatedlogic:webctrl", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007644" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability discovered by Gjoko Krstic", "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" } ], "trust": 0.3 }, "cve": "CVE-2017-9644", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2017-9644", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 1.9, "id": "CNVD-2017-22828", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 1.9, "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "id": "CVE-2017-9644", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-9644", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-9644", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-22828", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201706-859", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce", "trust": 0.2, "value": "HIGH" }, { "author": "ZSL", "id": "ZSL-2017-5431", "trust": 0.1, "value": "(4/5)" }, { "author": "ZSL", "id": "ZSL-2017-5430", "trust": 0.1, "value": "(3/5)" }, { "author": "ZSL", "id": "ZSL-2017-5429", "trust": 0.1, "value": "(3/5)" } ] } ], "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" }, { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. 
An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. ALC WebCTRL , i-Vu ,and SiteScan Web Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ALC WebCTRL is a building automation platform. Multiple Automated Logic Corporation (ALC) Products are prone to local privilege-escalation vulnerability. WebCTRL\u00ae, Automated Logic\u0027s web-based building automationsystem, is known for its intuitive user interface and powerful integrationcapabilities. It allows building operators to optimize and manageall of their building systems - including HVAC, lighting, fire, elevators,and security - all within a single HVAC controls platform. It\u0027s everythingthey need to keep occupants comfortable, manage energy conservation measures,identify key operational problems, and validate the results.WebCTRL suffers from an authenticated arbitrary code execution vulnerability. The issue is caused due to the improper verification when uploading Add-on (.addons or .war) files using the uploadwarfile servlet. This can be exploited to execute arbitrary code by uploading a malicious web archive file that will run automatically and can be accessed from within the webroot directory. Additionaly, an improper authorization access control occurs when using the \u0027anonymous\u0027 user. By specification, the anonymous user should not have permissions or authorization to upload or install add-ons. In this case, when using the anonymous user, an attacker is still able to upload a malicious file via insecure direct object reference and execute arbitrary code. 
The anonymous user was removed from version 6.5 of WebCTRL.Tested on: Microsoft Windows 7 Professional (6.1.7601 Service Pack 1 Build 7601)Apache-Coyote/1.1Apache Tomcat/7.0.42CJServer/1.1Java/1.7.0_25-b17Java HotSpot Server VM 23.25-b01Ant 1.7.0Axis 1.4Trove 2.0.2Xalan Java 2.4.1Xerces-J 2.6.1. The vulnerability exist due to the improper permissions,with the \u0027M\u0027 flag (Modify) or \u0027C\u0027 flag (Change) for \u0027Authenticated Users\u0027 group.The application suffers from an unquoted search path issue as well impacting the service\u0027WebCTRL Service\u0027 for Windows deployed as part of WebCTRL server solution. A successful attempt would require thelocal user to be able to insert their code in the system root path undetected by theOS or other security applications where it could potentially be executed duringapplication startup or reboot", "sources": [ { "db": "NVD", "id": "CVE-2017-9644" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "BID", "id": "100454" }, { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "http://www.automatedlogic.com/pages/security.aspx", "trust": 0.3, "type": "poc" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", 
"id": "CVE-2017-9644", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-234-01", "trust": 3.0 }, { "db": "BID", "id": "100454", "trust": 2.0 }, { "db": "EXPLOIT-DB", "id": "42542", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2017-22828", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201706-859", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007644", "trust": 0.8 }, { "db": "BID", "id": "100452", "trust": 0.2 }, { "db": "IVD", "id": "963DE9F9-6E8A-4C63-8060-67B7CA4DE5CE", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "143897", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "42544", "trust": 0.1 }, { "db": "NVD", "id": "CVE-2017-9650", "trust": 0.1 }, { "db": "CXSECURITY", "id": "WLB-2017080166", "trust": 0.1 }, { "db": "ZSL", "id": "ZSL-2017-5431", "trust": 0.1 }, { "db": "AUSCERT", "id": "ESB-2017.2113", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "42543", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143896", "trust": 0.1 }, { "db": "NVD", "id": "CVE-2017-9640", "trust": 0.1 }, { "db": "CXSECURITY", "id": "WLB-2017080165", "trust": 0.1 }, { "db": "ZSL", "id": "ZSL-2017-5430", "trust": 0.1 }, { "db": "CXSECURITY", "id": "WLB-2017080167", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "143895", "trust": 0.1 }, { "db": "ZSL", "id": "ZSL-2017-5429", "trust": 0.1 } ], "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" }, { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "BID", "id": "100454" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "id": "VAR-201708-1399", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": 
"CNVD", "id": "CNVD-2017-22828" } ], "trust": 0.08 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" } ] }, "last_update_date": "2024-11-23T22:00:54.787000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Best Practices Checklists for Building Automation Systems (BAS)", "trust": 0.8, "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "title": "ALC WebCTRL i-Vu/SiteScan Web does not reference patches for search path vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/100837" }, { "title": "ALC WebCTRL , i-Vu and SiteScan Web Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99869" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-428", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, 
"data": [ { "trust": 3.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-234-01" }, { "trust": 1.7, "url": "https://www.exploit-db.com/exploits/42542/" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100454" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9644" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644" }, { "trust": 0.6, "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9644" }, { "trust": 0.3, "url": "http://www.automatedlogic.com/pages/security_commitment.aspx" }, { "trust": 0.3, "url": "http://www.automatedlogic.com/specsheets/security_best_practices_checklists_for_building_automation_systems_(bas)pdf.pdf" }, { "trust": 0.3, "url": "http://www.securityweek.com/automated-logic-patches-flaws-building-automation-system" }, { "trust": 0.3, "url": "http://www.automatedlogic.com" }, { "trust": 0.2, "url": "http://www.securityfocus.com/bid/100452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9650" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9650" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/42544/" }, { "trust": 0.1, "url": "https://packetstormsecurity.com/files/143897" }, { "trust": 0.1, "url": "https://cxsecurity.com/issue/wlb-2017080166" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130767" }, { "trust": 0.1, "url": "http://www.vfocus.net/art/20170824/13802.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9640" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9640" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/42543/" }, { "trust": 0.1, "url": "https://cxsecurity.com/issue/wlb-2017080165" }, { "trust": 0.1, "url": "https://packetstormsecurity.com/files/143896" }, { "trust": 0.1, "url": "https://www.auscert.org.au/bulletins/51482" }, { "trust": 0.1, "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/130766" }, { "trust": 0.1, "url": "https://packetstormsecurity.com/files/143895" }, { "trust": 0.1, "url": "https://cxsecurity.com/issue/wlb-2017080167" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130760" } ], "sources": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "BID", "id": "100454" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZSL", "id": "ZSL-2017-5431" }, { "db": "ZSL", "id": "ZSL-2017-5430" }, { "db": "ZSL", "id": "ZSL-2017-5429" }, { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" }, { "db": "BID", "id": "100454" }, { "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "db": "CNNVD", "id": "CNNVD-201706-859" }, { "db": "NVD", "id": "CVE-2017-9644" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-22T00:00:00", "db": "ZSL", "id": "ZSL-2017-5431" }, { "date": "2017-08-22T00:00:00", "db": "ZSL", "id": "ZSL-2017-5430" }, { "date": "2017-08-22T00:00:00", "db": "ZSL", "id": "ZSL-2017-5429" }, { "date": "2017-08-25T00:00:00", "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "date": "2017-08-25T00:00:00", "db": "CNVD", "id": "CNVD-2017-22828" }, { "date": "2017-08-23T00:00:00", "db": "BID", "id": "100454" }, { "date": "2017-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "date": "2017-06-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-859" }, { "date": "2017-08-25T19:29:00.457000", "db": "NVD", "id": "CVE-2017-9644" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-28T00:00:00", "db": "ZSL", "id": "ZSL-2017-5431" }, { "date": "2017-08-25T00:00:00", "db": "ZSL", "id": "ZSL-2017-5430" }, { "date": "2017-08-25T00:00:00", "db": "ZSL", "id": "ZSL-2017-5429" }, { "date": "2017-08-25T00:00:00", "db": "CNVD", "id": "CNVD-2017-22828" }, { "date": "2017-08-23T00:00:00", "db": "BID", "id": "100454" }, { "date": "2017-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007644" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201706-859" }, { "date": "2024-11-21T03:36:34.513000", "db": "NVD", "id": "CVE-2017-9644" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "100454" }, { "db": "CNNVD", "id": "CNNVD-201706-859" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ALC WebCTRL i-Vu/SiteScan Web Unreferenced Search Path Vulnerability", "sources": [ { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNVD", "id": "CNVD-2017-22828" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "963de9f9-6e8a-4c63-8060-67b7ca4de5ce" }, { "db": "CNNVD", "id": "CNNVD-201706-859" } ], "trust": 0.8 } }
ICSA-17-234-01
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Gjoko Krstic" ], "organization": "Zero Science Lab", "summary": "identifying the vulnerabilities" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "ATTENTION: Remotely exploitable/low skill level to exploit.", "title": "Risk evaluation" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Kennesaw, Georgia", "title": "Company headquarters location" }, { "category": "general", "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-17-234-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-234-01.json" }, { "category": "self", "summary": "ICS Advisory ICSA-17-234-01 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-234-01" }, { "category": "external", "summary": "Recommended Practices", "url": 
"https://www.cisa.gov/news-events/ics-advisories/icsa-17-234-01" } ], "title": "Automated Logic Corporation WebCTRL, i-VU, SiteScan", "tracking": { "current_release_date": "2017-08-22T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-17-234-01", "initial_release_date": "2017-08-22T00:00:00.000000Z", "revision_history": [ { "date": "2017-08-22T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-17-234-01 Automated Logic Corporation WebCTRL, i-VU, SiteScan" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.5", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 6.5 and prior", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.0", "product": { "name": "ALC WebCTRL i-Vu: 6.0 and prior", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 5.5", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 5.5 and prior", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 5.2", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 5.2 and prior", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.1", "product": { "name": "ALC WebCTRL SiteScan Web: 6.1 and prior", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "ALC WebCTRL SiteScan Web" } ], "category": "vendor", "name": "Automated Logic Corporation (ALC)" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-9644", 
"cwe": { "id": "CWE-428", "name": "Unquoted Search Path or Element" }, "notes": [ { "category": "summary", "text": "An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.CVE-2017-9644 has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9644" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. 
Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": 
"mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] }, { "cve": "CVE-2017-9640", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.CVE-2017-9640 has been assigned to this vulnerability. 
A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9640" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", 
"CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] }, { "cve": "CVE-2017-9650", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "summary", "text": "An authenticated 
attacker may be able to upload a malicious file allowing the execution of arbitrary code.CVE-2017-9650 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9650" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { 
"category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] } ] }
icsa-17-234-01
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Gjoko Krstic" ], "organization": "Zero Science Lab", "summary": "identifying the vulnerabilities" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "ATTENTION: Remotely exploitable/low skill level to exploit.", "title": "Risk evaluation" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Kennesaw, Georgia", "title": "Company headquarters location" }, { "category": "general", "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. 
Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", "title": "Recommended Practices" }, { "category": "general", "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.", "title": "Recommended Practices" }, { "category": "general", "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-17-234-01 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-234-01.json" }, { "category": "self", "summary": "ICS Advisory ICSA-17-234-01 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-234-01" }, { "category": "external", "summary": "Recommended Practices", "url": 
"https://www.cisa.gov/news-events/ics-advisories/icsa-17-234-01" } ], "title": "Automated Logic Corporation WebCTRL, i-VU, SiteScan", "tracking": { "current_release_date": "2017-08-22T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-17-234-01", "initial_release_date": "2017-08-22T00:00:00.000000Z", "revision_history": [ { "date": "2017-08-22T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-17-234-01 Automated Logic Corporation WebCTRL, i-VU, SiteScan" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.5", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 6.5 and prior", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.0", "product": { "name": "ALC WebCTRL i-Vu: 6.0 and prior", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 5.5", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 5.5 and prior", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 5.2", "product": { "name": "ALC WebCTRL i-Vu SiteScan Web: 5.2 and prior", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "ALC WebCTRL i-Vu SiteScan Web" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 6.1", "product": { "name": "ALC WebCTRL SiteScan Web: 6.1 and prior", "product_id": "CSAFPID-0005" } } ], "category": "product_name", "name": "ALC WebCTRL SiteScan Web" } ], "category": "vendor", "name": "Automated Logic Corporation (ALC)" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-9644", 
"cwe": { "id": "CWE-428", "name": "Unquoted Search Path or Element" }, "notes": [ { "category": "summary", "text": "An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.CVE-2017-9644 has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been assigned; the CVSS vector string is (AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9644" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. 
Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": 
"mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] }, { "cve": "CVE-2017-9640", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "notes": [ { "category": "summary", "text": "An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.CVE-2017-9640 has been assigned to this vulnerability. 
A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9640" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", 
"CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] }, { "cve": "CVE-2017-9650", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "summary", "text": "An authenticated 
attacker may be able to upload a malicious file allowing the execution of arbitrary code.CVE-2017-9650 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9650" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H" } ], "remediations": [ { "category": "mitigation", "details": "ALC provides support for WebCTRL, i-Vu, SiteScan Web versions 6.0 and greater. Those users using prior versions, including 5.5 and 5.2, must upgrade to supported versions in order to install these mitigation patches.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "ALC applications should always be installed and maintained in accordance with the guidelines found here:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ], "url": "http://www.automatedlogic.com/Pages/Security.aspx" }, { "category": "mitigation", "details": "In addition ALC has released the following patches, which address these vulnerabilities:", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.0: Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "WebCTRL 6.1: Cumulative Patch #7", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { 
"category": "mitigation", "details": "WebCTRL 6.5: Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patch releases may be obtained on the ALC accounts web site or calling Technical Support at 770-429-3002", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.0, Cumulative Patch #13", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "i-Vu 6.5, Cumulative Patch #7 + WS65_Security_Update2.update", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "The patch release may be obtained by calling Technical Support at 800-277-9852", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.1, Cumulative Patch #7, and", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "SiteScan Web Version 6.5, Cumulative Patch #7 + WS65_Security_Update2.update.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] }, { "category": "mitigation", "details": "These patches may be obtained by contacting Liebert Services at 1-800-543-2378.", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005" ] } ] } ] }
fkie_cve-2017-9644
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100454 | Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov | https://www.exploit-db.com/exploits/42542/ | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100454 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/42542/ | Third Party Advisory, VDB Entry
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "matchCriteriaId": "5948CDA4-5FE6-448B-9F64-D077F41DDF11", "versionEndIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "matchCriteriaId": "E829060A-3BA2-43ED-AAC9-E0E5008345DE", "versionEndIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "matchCriteriaId": "F476895F-3AF0-4F96-8420-E57801B03F33", "versionEndIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "matchCriteriaId": "865ECF73-F257-4A48-831E-4A542ADA4BD4", "versionEndIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F6C18E1-2165-49FE-B351-56BF2B3142A1", "versionEndIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "701AF14C-15DE-496A-8077-53D6BF3C80DC", "versionEndIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A35BFAD-0A53-438B-8A7A-78F92210DDE4", "versionEndIncluding": "6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "D602FF0F-8AFE-4815-BFA0-623DE28D26FC", "versionEndIncluding": "6.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A41C3278-DB17-488C-BFEF-AA51B8289DD0", "versionEndIncluding": "5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "matchCriteriaId": "27E012C0-3E9B-484C-A697-B39DF43F0F69", "versionEndIncluding": "5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2A6E893-4D91-4D54-A831-B47F792FC6E6", 
"versionEndIncluding": "6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "matchCriteriaId": "E912DDD9-081A-49A1-9CD5-9127B676A190", "versionEndIncluding": "6.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "matchCriteriaId": "292B6AC3-89A7-4E81-946A-7C0FED0DF79D", "versionEndIncluding": "6.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges." }, { "lang": "es", "value": "Se ha descubierto un problema de ruta de b\u00fasqueda o elemento sin comillas en Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 y anteriores; ALC WebCTRL, SiteScan Web 6.1 y anteriores; ALC WebCTRL, i-Vu 6.0 y anteriores; ALC WebCTRL, i-Vu, SiteScan Web 5.5 y anteriores; y ALC WebCTRL, i-Vu, SiteScan Web 5.2 y anteriores. Una vulnerabilidad de ruta de b\u00fasqueda sin comillas podr\u00eda permitir que un atacante local sin privilegios cambie archivos en el directorio de instalaci\u00f3n y ejecute c\u00f3digo arbitrario con privilegios elevados." 
} ], "id": "CVE-2017-9644", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-08-25T19:29:00.457", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100454" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42542/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42542/" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-428" } ], "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-428" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
ghsa-c6hg-x56f-2f88
Vulnerability from github
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
{ "affected": [], "aliases": [ "CVE-2017-9644" ], "database_specific": { "cwe_ids": [ "CWE-428" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2017-08-25T19:29:00Z", "severity": "HIGH" }, "details": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.", "id": "GHSA-c6hg-x56f-2f88", "modified": "2025-04-20T03:43:51Z", "published": "2022-05-13T01:07:40Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9644" }, { "type": "WEB", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/42542" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/100454" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
gsd-2017-9644
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2017-9644", "description": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.", "id": "GSD-2017-9644", "references": [ "https://packetstormsecurity.com/files/cve/CVE-2017-9644" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-9644" ], "details": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. 
An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.", "id": "GSD-2017-9644", "modified": "2023-12-13T01:21:08.124688Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-9644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Automated Logic Corporation WebCTRL, i-VU, SiteScan", "version": { "version_data": [ { "version_value": "Automated Logic Corporation WebCTRL, i-VU, SiteScan" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-428" } ] } ] }, "references": { "reference_data": [ { "name": "100454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100454" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "name": "42542", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42542/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.0", "vulnerable": true }, { 
"cpe23Uri": "cpe:2.3:a:automatedlogic:i-vu:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:automatedlogic:sitescan_web:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.5", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-9644" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-428" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01", "refsource": "MISC", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01" }, { "name": "42542", "refsource": "EXPLOIT-DB", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/42542/" }, { "name": "100454", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100454" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.9 } }, "lastModifiedDate": "2021-07-27T19:25Z", "publishedDate": "2017-08-25T19:29Z" } } }
cnvd-2017-22828
Vulnerability from cnvd
Title: ALC WebCTRL i-Vu/SiteScan Web Unquoted Search Path Vulnerability
Description:
ALC WebCTRL is a building automation platform.
ALC WebCTRL, i-Vu, SiteScan Web 6.5 and earlier versions contain an unquoted search path vulnerability in their implementation, which allows an authenticated user to escalate privileges and execute arbitrary code on the system.
Severity: Medium
Patch Name: Patch for the ALC WebCTRL i-Vu/SiteScan Web unquoted search path vulnerability
Patch Description:
ALC WebCTRL is a building automation platform.
ALC WebCTRL, i-Vu, SiteScan Web 6.5 and earlier versions contain an unquoted search path vulnerability in their implementation, which allows an authenticated user to escalate privileges and execute arbitrary code on the system. The vendor has now released a security advisory and related patch information that fixes this vulnerability.
Formal description:
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.automatedlogic.com/Pages/Security.aspx
Reference: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9644
Name |
---|
IBM Automated Logic Corporation SiteScan Web <= 6.5 |
Automated Logic Corporation ALC WebCTRL, i-Vu <= 6.0 |
Automated Logic Corporation ALC WebCTRL, SiteScan Web <= 6.1 |
Automated Logic Corporation SiteScan Web, i-Vu, ALC WebCTRL <= 6.5 |
Automated Logic Corporation SiteScan Web, i-Vu, ALC WebCTRL <= 5.5 |
Automated Logic Corporation SiteScan Web, i-Vu, ALC WebCTRL <= 5.2 |
{ "cves": { "cve": { "cveNumber": "CVE-2017-9644" } }, "description": "ALC WebCTRL\u662f\u5efa\u7b51\u81ea\u52a8\u5316\u5e73\u53f0\u3002\r\n\r\nALC WebCTRL, i-Vu, SiteScan Web 6.5\u53ca\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u672a\u5f15\u7528\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u63d0\u5347\u6743\u9650\uff0c\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002", "discovererName": "Gjoko Krstic \uff08liquidworm@gmail.com\uff09", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.automatedlogic.com/Pages/Security.aspx", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2017-22828", "openTime": "2017-08-25", "patchDescription": "ALC WebCTRL\u662f\u5efa\u7b51\u81ea\u52a8\u5316\u5e73\u53f0\u3002\r\n\r\nALC WebCTRL, i-Vu, SiteScan Web 6.5\u53ca\u4e4b\u524d\u7248\u672c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u672a\u5f15\u7528\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\uff0c\u5141\u8bb8\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u63d0\u5347\u6743\u9650\uff0c\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "ALC WebCTRL i-Vu/SiteScan Web\u672a\u5f15\u7528\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e\u7684\u8865\u4e01", "products": { "product": [ "IBM Automated Logic Corporation SiteScan Web \u003c= 6.5", "Automated Logic Corporation ALC WebCTRL\uff0ci-Vu \u003c=6.0", "Automated Logic Corporation ALC WebCTRL\uff0cSiteScan Web \u003c=6.1", "Automated Logic Corporation SiteScan Web\uff0ci-Vu\uff0cALC WebCTRL \u003c=6.5", "Automated Logic Corporation SiteScan Web\uff0ci-Vu\uff0cALC WebCTRL \u003c=5.5", 
"Automated Logic Corporation SiteScan Web\uff0ci-Vu\uff0cALC WebCTRL \u003c=5.2" ] }, "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9644", "serverity": "\u4e2d", "submitTime": "2017-08-24", "title": "ALC WebCTRL i-Vu/SiteScan Web\u672a\u5f15\u7528\u641c\u7d22\u8def\u5f84\u6f0f\u6d1e" }