CVE-2017-9625

EUVD-2017-18556
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5. The web application lacks proper authentication which could allow an attacker to view information and modify settings or execute code remotely.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
envitechenvidas_ultimate
𝑥
≤ 1.0.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101249
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03
http://www.securityfocus.com/bid/101249
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-03