CVE-2017-12733

A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-17-243-04 Mitigation Third Party Advisory US Government Resource VDB Entry
http://www.securityfocus.com/bid/100563 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:195:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:opwglobal:sitesentinel_integra_500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:189:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:191:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:16q3.1:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:195:*:*:*:*:*:*:*
cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:opwglobal:sitesentinel_integra_100:-:*:*:*:*:*:*:*

Information

Published : 2017-09-08 18:29

Updated : 2019-10-09 16:23


NVD link : CVE-2017-12733

Mitre link : CVE-2017-12733


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

opwglobal

  • sitesentinel_integra_500
  • sitesentinel_isite_atg
  • sitesentinel_integra_500_firmware
  • sitesentinel_integra_100
  • sitesentinel_integra_100_firmware
  • sitesentinel_isite_atg_firmware