Details of VAR-201709-1106

ID

VAR-201709-1106

CVE

CVE-2017-9645

TITLE

plural Mirion Technologies Vulnerability related to cryptographic strength in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-008473

DESCRIPTION

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. plural Mirion Technologies The product contains a vulnerability related to cryptographic strength.Information may be obtained. Mirion Technologies provides a source of solutions for nuclear, military, radiation detection and monitoring. Mirion Technologies Telemetry Enabled Devices is a denial of service vulnerability that could be exploited by an attacker to transmit fraudulent data or perform denial of service. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. RSD31-AM Package), DRM-1/2 and variants (incl. Security vulnerabilities exist in several Mirion Technologies products

Trust: 2.7

sources: NVD: CVE-2017-9645 // JVNDB: JVNDB-2017-008473 // CNVD: CNVD-2017-22839 // BID: 100001 // IVD: d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91 // VULHUB: VHN-117848

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91 // CNVD: CNVD-2017-22839

AFFECTED PRODUCTS

vendor:	mirion	model:	rds-31	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	wrm2	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	drm-2	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	drm-1\/2	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	rds-31 itx	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	dmc 3000 transmitter	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	ipam transmitter f\/dmc 2000	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	telepole 2	scope:	eq	version:	-	Trust: 1.6
vendor:	mirion	model:	dmc 3000 transmitter module	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	drm-1/2	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	ipam transmitter f/dmc 2000	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	mesh repeater	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	rds-31 itx	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	rsd31-am	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	telepole ii	scope:	-	version:	-	Trust: 0.8
vendor:	mirion	model:	telemetry enabled devices dmc transmitter module	scope:	eq	version:	3000	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices ipam transmitter f/dmc	scope:	eq	version:	2000	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices rds-31 itx and variants	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices drm-1/2 and variants	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices drm and rds based boundary monitors	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices telepole ii	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices external transmitters	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telemetry enabled devices mesh repeater	scope:	-	version:	-	Trust: 0.6
vendor:	mirion	model:	telepole ii	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	rds-31 itx	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	mesh repeater	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	ipam transmitter f/dmc	scope:	eq	version:	20000	Trust: 0.3
vendor:	mirion	model:	external transmitters	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	drm-1/2	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	drm and rds based boundary monitors	scope:	eq	version:	0	Trust: 0.3
vendor:	mirion	model:	dmc transmitter module	scope:	eq	version:	30000	Trust: 0.3
vendor:	dmc 3000 transmitter	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ipam transmitter f dmc 2000	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	rds 31 itx	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	drm 1 2	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	drm 2	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	rds 31	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	telepole 2	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	wrm2	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91 // CNVD: CNVD-2017-22839 // BID: 100001 // JVNDB: JVNDB-2017-008473 // CNNVD: CNNVD-201706-592 // NVD: CVE-2017-9645

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9645
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-9645
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-22839
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201706-592
value:	MEDIUM
Trust: 0.6
IVD:	d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-117848
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-9645
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-22839
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-117848
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9645
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91 // CNVD: CNVD-2017-22839 // VULHUB: VHN-117848 // JVNDB: JVNDB-2017-008473 // CNNVD: CNNVD-201706-592 // NVD: CVE-2017-9645

PROBLEMTYPE DATA

problemtype:

CWE-326

Trust: 1.9

sources: VULHUB: VHN-117848 // JVNDB: JVNDB-2017-008473 // NVD: CVE-2017-9645

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201706-592

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-592

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008473

PATCH

title:	Top Page	url:	https://www.mirion.com/	Trust: 0.8
title:	Patch for Mirion Technologies Telemetry Enabled Devices Denial of Service Vulnerability (CNVD-2017-22839)	url:	https://www.cnvd.org.cn/patchInfo/show/100842	Trust: 0.6

sources: CNVD: CNVD-2017-22839 // JVNDB: JVNDB-2017-008473

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9645	Trust: 3.6
db:	ICS CERT	id:	ICSA-17-208-02	Trust: 3.4
db:	BID	id:	100001	Trust: 2.0
db:	CNNVD	id:	CNNVD-201706-592	Trust: 0.9
db:	CNVD	id:	CNVD-2017-22839	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-008473	Trust: 0.8
db:	IVD	id:	D3A1F9FF-B730-4B2E-AC28-CCBFC599FF91	Trust: 0.2
db:	VULHUB	id:	VHN-117848	Trust: 0.1

sources: IVD: d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91 // CNVD: CNVD-2017-22839 // VULHUB: VHN-117848 // BID: 100001 // JVNDB: JVNDB-2017-008473 // CNNVD: CNNVD-201706-592 // NVD: CVE-2017-9645

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-208-02	Trust: 3.4
url:	http://www.securityfocus.com/bid/100001	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9645	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9645	Trust: 0.8
url:	https://www.mirion.com/	Trust: 0.3

sources: CNVD: CNVD-2017-22839 // VULHUB: VHN-117848 // BID: 100001 // JVNDB: JVNDB-2017-008473 // CNNVD: CNNVD-201706-592 // NVD: CVE-2017-9645

CREDITS

Ruben Santamarta of IOActive

Trust: 0.3

sources: BID: 100001

SOURCES

db:	IVD	id:	d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91
db:	CNVD	id:	CNVD-2017-22839
db:	VULHUB	id:	VHN-117848
db:	BID	id:	100001
db:	JVNDB	id:	JVNDB-2017-008473
db:	CNNVD	id:	CNNVD-201706-592
db:	NVD	id:	CVE-2017-9645

LAST UPDATE DATE

2024-11-23T22:45:35.612000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-22839	date:	2017-08-25T00:00:00
db:	VULHUB	id:	VHN-117848	date:	2019-10-09T00:00:00
db:	BID	id:	100001	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008473	date:	2017-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-592	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-9645	date:	2024-11-21T03:36:34.633

SOURCES RELEASE DATE

db:	IVD	id:	d3a1f9ff-b730-4b2e-ac28-ccbfc599ff91	date:	2017-08-25T00:00:00
db:	CNVD	id:	CNVD-2017-22839	date:	2017-08-25T00:00:00
db:	VULHUB	id:	VHN-117848	date:	2017-09-20T00:00:00
db:	BID	id:	100001	date:	2017-07-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008473	date:	2017-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-592	date:	2017-06-15T00:00:00
db:	NVD	id:	CVE-2017-9645	date:	2017-09-20T16:29:01.003