CVE-2017-9630

EUVD-2017-18561

07.08.2017, 08:29

An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The web server does not properly verify that provided authentication information is correct.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.4 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
pdqinc	laserwash_g5_firmware	-
pdqinc	laserwash_g5_s_firmware	-
pdqinc	laserwash_m5_firmware	-
pdqinc	laserwash_360_firmware	-
pdqinc	laserwash_360_plus_firmware	-
pdqinc	laserwash_autoxpress_firmware	-
pdqinc	laserwash_autoxpress_plus_firmware	-
pdqinc	laserjet_firmware	-
pdqinc	protouch_tandem_firmware	-
pdqinc	protouch_icon_firmware	-
pdqinc	protouch_autogloss_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03