CVE-2017-9625

EPSS 2.3%CWE-287

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 2.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Oct 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.

Affected products

n/a · Envitech Ltd. EnviDAS Ultimate

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03 http://www.securityfocus.com/bid/101249