CVE-2017-14026 - OpenCVE

In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Iceqube	Thermal Management Center Thermal Management Center Firmware

Configuration 1 [-]

AND

cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/105303	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-09-06T00:00:00

Updated: 2018-09-11T09:57:01

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-14026

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-06T19:29:00.253

Modified: 2019-10-09T23:23:45.483

Link: CVE-2017-14026

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Thermal Management Center", "vendor": "Ice Qube", "versions": [{"status": "affected", "version": "All versions prior to version 4.13"}]}], "datePublic": "2018-09-06T00:00:00", "descriptions": [{"lang": "en", "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "IMPROPER AUTHENTICATION CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-11T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"}, {"name": "105303", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105303"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-09-06T00:00:00", "ID": "CVE-2017-14026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Thermal Management Center", "version": {"version_data": [{"version_value": "All versions prior to version 4.13"}]}}]}, "vendor_name": "Ice Qube"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER AUTHENTICATION CWE-287"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"}, {"name": "105303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105303"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-14026", "datePublished": "2018-09-06T00:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2018-09-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2C1BBB5-8DE9-4092-A744-1DFD8F2FB1DA", "versionEndExcluding": "4.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*", "matchCriteriaId": "24A23450-45E8-4184-B7C0-8E39924E1B38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information."}, {"lang": "es", "value": "En versiones anteriores a la 4.13 de Ice Qube Thermal Management Center, la aplicaci\u00f3n web no autentica correctamente a los usuarios, lo que podr\u00eda permitir que un atacante obtenga acceso a informaci\u00f3n sensible."}], "id": "CVE-2017-14026", "lastModified": "2019-10-09T23:23:45.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-06T19:29:00.253", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105303"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}