CVE-2017-9632 - OpenCVE

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Pdqinc	Laserwash 360 Firmware Laserwash G5 S Firmware Laserwash Autoxpress Plus Laserwash G5 S Protouch Autogloss Firmware Laserwash 360 Plus Firmware Laserwash Autoxpress Laserwash 360 Plus Laserwash Autoxpress Firmware Protouch Icon Protouch Autogloss Laserjet Protouch Tandem Firmware Laserjet Firmware Laserwash M5 Firmware Laserwash Autoxpress Plus Firmware Protouch Tandem Laserwash G5 Firmware Laserwash G5 Laserwash 360 Laserwash M5 Protouch Icon Firmware

Configuration 1 [-]

AND

cpe:2.3:o:pdqinc:laserwash_g5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_g5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:pdqinc:laserwash_g5_s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_g5_s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:pdqinc:laserwash_m5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_m5:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:pdqinc:laserwash_360_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_360:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:pdqinc:laserwash_360_plus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_360_plus:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:pdqinc:laserwash_autoxpress_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_autoxpress:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:pdqinc:laserwash_autoxpress_plus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserwash_autoxpress_plus:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:pdqinc:laserjet_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:laserjet:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:pdqinc:protouch_tandem_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:protouch_tandem:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:pdqinc:protouch_icon_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:protouch_icon:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:pdqinc:protouch_autogloss_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:pdqinc:protouch_autogloss:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-08-07T08:00:00

Updated: 2017-08-07T07:57:01

Reserved: 2017-06-14T00:00:00

Link: CVE-2017-9632

JSON object: View

NVD Information

Status : Modified

Published: 2017-08-07T08:29:00.400

Modified: 2019-10-09T23:30:44.097

Link: CVE-2017-9632

JSON object: View

Redhat Information

No data.

CWE

CWE-311