Sign-up

ID

VAR-201709-1107


CVE

CVE-2017-9649


TITLE

Mirion Technologies Telemetry Enabled Devices Denial of service vulnerability

Trust: 0.8

sources: IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // CNVD: CNVD-2017-22838

DESCRIPTION

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. plural Mirion Technologies The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Mirion Technologies provides a source of solutions for nuclear, military, radiation detection and monitoring. Mirion Technologies Telemetry Enabled Devices is a denial of service vulnerability that could allow an attacker to transmit fraudulent data or perform denial of service. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. RSD31-AM Package), DRM-1/2 and variants (incl. are products of Mirion Technologies in the United States. Mirion Technologies DMC 3000 Transmitter Module is a DMC 3000 series control card

Trust: 2.7

sources: NVD: CVE-2017-9649 // JVNDB: JVNDB-2017-008474 // CNVD: CNVD-2017-22838 // BID: 100001 // IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // VULHUB: VHN-117852

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // CNVD: CNVD-2017-22838

AFFECTED PRODUCTS

vendor:mirionmodel:dmc 3000scope:eqversion: -

Trust: 1.6

vendor:mirionmodel:wrm2 mesh repeaterscope:eqversion: -

Trust: 1.6

vendor:mirionmodel:telepole iiscope:eqversion: -

Trust: 1.6

vendor:mirionmodel:rds-31 itxscope:eqversion: -

Trust: 1.6

vendor:mirionmodel:ipam transmitter f\/dmc 2000scope:eqversion: -

Trust: 1.6

vendor:mirionmodel:rsd31-amscope:eqversion: -

Trust: 1.6

vendor:mirionmodel:drm-1\/2scope:eqversion: -

Trust: 1.6

vendor:mirionmodel:dmc 3000 transmitter modulescope: - version: -

Trust: 0.8

vendor:mirionmodel:drm-1/2scope: - version: -

Trust: 0.8

vendor:mirionmodel:ipam transmitter f/dmc 2000scope: - version: -

Trust: 0.8

vendor:mirionmodel:mesh repeaterscope: - version: -

Trust: 0.8

vendor:mirionmodel:rds-31 itxscope: - version: -

Trust: 0.8

vendor:mirionmodel:rsd31-amscope: - version: -

Trust: 0.8

vendor:mirionmodel:telepole iiscope: - version: -

Trust: 0.8

vendor:mirionmodel:telemetry enabled devices dmc transmitter modulescope:eqversion:3000

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices ipam transmitter f/dmcscope:eqversion:2000

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices rds-31 itx and variantsscope: - version: -

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices drm-1/2 and variantsscope: - version: -

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices drm and rds based boundary monitorsscope: - version: -

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices telepole iiscope: - version: -

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices external transmittersscope: - version: -

Trust: 0.6

vendor:mirionmodel:telemetry enabled devices mesh repeaterscope: - version: -

Trust: 0.6

vendor:mirionmodel:telepole iiscope:eqversion:0

Trust: 0.3

vendor:mirionmodel:rds-31 itxscope:eqversion:0

Trust: 0.3

vendor:mirionmodel:mesh repeaterscope:eqversion:0

Trust: 0.3

vendor:mirionmodel:ipam transmitter f/dmcscope:eqversion:20000

Trust: 0.3

vendor:mirionmodel:external transmittersscope:eqversion:0

Trust: 0.3

vendor:mirionmodel:drm-1/2scope:eqversion:0

Trust: 0.3

vendor:mirionmodel:drm and rds based boundary monitorsscope:eqversion:0

Trust: 0.3

vendor:mirionmodel:dmc transmitter modulescope:eqversion:30000

Trust: 0.3

vendor:dmc 3000model: - scope:eqversion: -

Trust: 0.2

vendor:ipam transmitter f dmc 2000model: - scope:eqversion: -

Trust: 0.2

vendor:telepole iimodel: - scope:eqversion: -

Trust: 0.2

vendor:rds 31 itxmodel: - scope:eqversion: -

Trust: 0.2

vendor:rsd31 ammodel: - scope:eqversion: -

Trust: 0.2

vendor:wrm2 mesh repeatermodel: - scope:eqversion: -

Trust: 0.2

vendor:drm 1 2model: - scope:eqversion: -

Trust: 0.2

sources: IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // CNVD: CNVD-2017-22838 // BID: 100001 // JVNDB: JVNDB-2017-008474 // CNNVD: CNNVD-201706-588 // NVD: CVE-2017-9649

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9649
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-9649
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-22838
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-588
value: MEDIUM

Trust: 0.6

IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f
value: MEDIUM

Trust: 0.2

VULHUB: VHN-117852
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9649
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-22838
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f
severity: MEDIUM
baseScore: 4.3
vectorString: AV:A/AC:H/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.2
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-117852
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9649
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // CNVD: CNVD-2017-22838 // VULHUB: VHN-117852 // JVNDB: JVNDB-2017-008474 // CNNVD: CNNVD-201706-588 // NVD: CVE-2017-9649

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

problemtype:CWE-321

Trust: 1.0

sources: VULHUB: VHN-117852 // JVNDB: JVNDB-2017-008474 // NVD: CVE-2017-9649

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201706-588

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-588

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008474

PATCH
title:Top Pageurl:https://www.mirion.com/
Trust: 0.8
title:Mirion Technologies Telemetry Enabled Devices Patch for Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/100845
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-22838 // 
            
            
            
            JVNDB: JVNDB-2017-008474

EXTERNAL IDS
db:NVDid:CVE-2017-9649
Trust: 3.6
db:ICS CERTid:ICSA-17-208-02
Trust: 3.4
db:BIDid:100001
Trust: 2.0
db:CNNVDid:CNNVD-201706-588
Trust: 0.9
db:CNVDid:CNVD-2017-22838
Trust: 0.8
db:JVNDBid:JVNDB-2017-008474
Trust: 0.8
db:IVDid:BB97C299-9654-48D6-B71D-FF9DDCBCAD7F
Trust: 0.2
db:VULHUBid:VHN-117852
Trust: 0.1
sources:
            
            
            IVD: bb97c299-9654-48d6-b71d-ff9ddcbcad7f // 
            
            
            
            CNVD: CNVD-2017-22838 // 
            
            
            
            VULHUB: VHN-117852 // 
            
            
            
            BID: 100001 // 
            
            
            
            JVNDB: JVNDB-2017-008474 // 
            
            
            
            CNNVD: CNNVD-201706-588 // 
            
            
            
            NVD: CVE-2017-9649

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-17-208-02
Trust: 3.4
url:http://www.securityfocus.com/bid/100001
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9649
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9649
Trust: 0.8
url:https://www.mirion.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-22838 // 
            
            
            
            VULHUB: VHN-117852 // 
            
            
            
            BID: 100001 // 
            
            
            
            JVNDB: JVNDB-2017-008474 // 
            
            
            
            CNNVD: CNNVD-201706-588 // 
            
            
            
            NVD: CVE-2017-9649

CREDITS
Ruben Santamarta of IOActive
Trust: 0.3
sources:
            
            
            BID: 100001

SOURCES
db:IVDid:bb97c299-9654-48d6-b71d-ff9ddcbcad7f
db:CNVDid:CNVD-2017-22838
db:VULHUBid:VHN-117852
db:BIDid:100001
db:JVNDBid:JVNDB-2017-008474
db:CNNVDid:CNNVD-201706-588
db:NVDid:CVE-2017-9649

LAST UPDATE DATE
2024-11-23T22:45:35.651000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-22838date:2017-08-25T00:00:00
db:VULHUBid:VHN-117852date:2019-10-09T00:00:00
db:BIDid:100001date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-008474date:2017-10-19T00:00:00
db:CNNVDid:CNNVD-201706-588date:2019-10-17T00:00:00
db:NVDid:CVE-2017-9649date:2024-11-21T03:36:35.103

SOURCES RELEASE DATE
db:IVDid:bb97c299-9654-48d6-b71d-ff9ddcbcad7fdate:2017-08-25T00:00:00
db:CNVDid:CNVD-2017-22838date:2017-08-25T00:00:00
db:VULHUBid:VHN-117852date:2017-09-20T00:00:00
db:BIDid:100001date:2017-07-27T00:00:00
db:JVNDBid:JVNDB-2017-008474date:2017-10-19T00:00:00
db:CNNVDid:CNNVD-201706-588date:2017-06-15T00:00:00
db:NVDid:CVE-2017-9649date:2017-09-20T16:29:01.097