CVE-2017-17691

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
contronicshomeputer_cl_studio_fur_homematic
𝑥
< 4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt