cnvd - cnvd-2017-05694

cnvd-2017-05694

Vulnerability from cnvd

Title: GE Multilin SR继电保护器未授权访问漏洞

Description:

750 Feeder/760 Feeder/469 Motor/489 Generator/745 Transformer/369 Motor都是GE公司的一款继电保护器。

GE Multilin SR继电保护器存在未授权访问漏洞，攻击者可通过暴力破解从前面板或Modbus命令获取用户密码，未经授权即可访问GE MultilinSR系列继电保护器产品。

Severity: 高

Patch Name: GE Multilin SR继电保护器未授权访问漏洞的补丁

Patch Description:

750 Feeder/760 Feeder/469 Motor/489 Generator/745 Transformer/369 Motor都是GE公司的一款继电保护器。

GE Multilin SR继电保护器存在未授权访问漏洞，攻击者可通过暴力破解从前面板或Modbus命令获取用户密码，未经授权即可访问GE MultilinSR系列继电保护器产品。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可联系供应商获得补丁信息： https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01

Reference: https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01

Impacted products

Name
['GE 750 Feeder Protection Relay <7.47', 'GE 760 Feeder Protection Relay <7.47', 'GE 469 Motor Protection Relay <5.23', 'GE 489 Generator Protection Relay <4.06', 'GE 745 Transformer Protection Relay <5.23']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7095"
    }
  },
  "description": "750 Feeder/760 Feeder/469 Motor/489 Generator/745 Transformer/369 Motor\u90fd\u662fGE\u516c\u53f8\u7684\u4e00\u6b3e\u7ee7\u7535\u4fdd\u62a4\u5668\u3002\r\n\r\nGE Multilin SR\u7ee7\u7535\u4fdd\u62a4\u5668\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u66b4\u529b\u7834\u89e3\u4ece\u524d\u9762\u677f\u6216Modbus\u547d\u4ee4\u83b7\u53d6\u7528\u6237\u5bc6\u7801\uff0c\u672a\u7ecf\u6388\u6743\u5373\u53ef\u8bbf\u95eeGE MultilinSR\u7cfb\u5217\u7ee7\u7535\u4fdd\u62a4\u5668\u4ea7\u54c1\u3002",
  "discovererName": "New York University security researchers Anastasis Keliris, Charalambos Konstantinou, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-117-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05694",
  "openTime": "2017-05-01",
  "patchDescription": "750 Feeder/760 Feeder/469 Motor/489 Generator/745 Transformer/369 Motor\u90fd\u662fGE\u516c\u53f8\u7684\u4e00\u6b3e\u7ee7\u7535\u4fdd\u62a4\u5668\u3002\r\n\r\nGE Multilin SR\u7ee7\u7535\u4fdd\u62a4\u5668\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u66b4\u529b\u7834\u89e3\u4ece\u524d\u9762\u677f\u6216Modbus\u547d\u4ee4\u83b7\u53d6\u7528\u6237\u5bc6\u7801\uff0c\u672a\u7ecf\u6388\u6743\u5373\u53ef\u8bbf\u95eeGE MultilinSR\u7cfb\u5217\u7ee7\u7535\u4fdd\u62a4\u5668\u4ea7\u54c1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GE Multilin SR\u7ee7\u7535\u4fdd\u62a4\u5668\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "GE 750 Feeder Protection Relay \u003c7.47",
      "GE 760 Feeder Protection Relay \u003c7.47",
      "GE 469 Motor Protection Relay \u003c5.23",
      "GE 489 Generator Protection Relay \u003c4.06",
      "GE 745 Transformer Protection Relay \u003c5.23"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-01",
  "title": "GE Multilin SR\u7ee7\u7535\u4fdd\u62a4\u5668\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2017-7095 (GCVE-0-2017-7095)

Vulnerability from cvelistv5

Published

2017-10-23 01:00

Modified

2024-08-05 15:49

Severity ?

CWE

Summary

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

References

▼	URL	Tags
	https://support.apple.com/HT208141	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039384	vdb-entry, x_refsource_SECTRACK
	https://support.apple.com/HT208142	x_refsource_CONFIRM
	https://support.apple.com/HT208113	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/101006	vdb-entry, x_refsource_BID
	https://support.apple.com/HT208112	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039428	vdb-entry, x_refsource_SECTRACK
	https://support.apple.com/HT208116	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:49:03.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208141"
          },
          {
            "name": "1039384",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039384"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208142"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208113"
          },
          {
            "name": "101006",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101006"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208112"
          },
          {
            "name": "1039428",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039428"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208116"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-23T09:57:01",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208141"
        },
        {
          "name": "1039384",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039384"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208142"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208113"
        },
        {
          "name": "101006",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101006"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208112"
        },
        {
          "name": "1039428",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039428"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208116"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2017-7095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208141",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208141"
            },
            {
              "name": "1039384",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039384"
            },
            {
              "name": "https://support.apple.com/HT208142",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208142"
            },
            {
              "name": "https://support.apple.com/HT208113",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208113"
            },
            {
              "name": "101006",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101006"
            },
            {
              "name": "https://support.apple.com/HT208112",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208112"
            },
            {
              "name": "1039428",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039428"
            },
            {
              "name": "https://support.apple.com/HT208116",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208116"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2017-7095",
    "datePublished": "2017-10-23T01:00:00",
    "dateReserved": "2017-03-17T00:00:00",
    "dateUpdated": "2024-08-05T15:49:03.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted