CVE-2017-12731

Published Sep 9, 2017

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89
ics-cert@hq.dhs.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A065260A-6ED8-45F2-9190-D4F3F1CA4948",
            "versionEndIncluding": "175"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:16q3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "316BBC8F-75C9-49D4-8971-A16C67DAAC9B"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:189:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AABDF8A-4058-45BE-9246-5133494BDD80"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:191:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC929081-714F-4F86-9B84-2E06F7623753"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_isite_atg_firmware:195:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9239F35E-C6D2-41D7-A4A1-127C3E607573"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:opwglobal:sitesentinel_isite_atg:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EEB71D3F-AAB9-4333-B47A-524F80ED9F78"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F2B9FEC-D4EC-4284-8B11-BD7C1AE46AF7",
            "versionEndIncluding": "175"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:16q3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7527D23C-F614-4317-83C5-DAC1355DE70F"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:189:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D6B6A28-A289-4CF7-9CA4-93A2317306B5"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:191:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DCC190C-2F13-4192-B4CD-F6C404DEC4FC"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_500_firmware:195:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4B4B62F-4828-4E34-ADB5-D5D808D6B0A6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:opwglobal:sitesentinel_integra_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F123D060-C5EA-44CB-AB0A-10D7D94BF96A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EA66397-344F-4B95-A742-761D32AB6EF6",
            "versionEndIncluding": "175"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:16q3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A28ECD62-417B-4FEC-A84A-FD2E2E35A14B"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:189:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8E0ABE-2228-431D-92F9-45257AD8D8DD"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:191:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4FC1AA6-DEEC-4DFA-8EFB-7FE250DA5301"
          },
          {
            "criteria": "cpe:2.3:o:opwglobal:sitesentinel_integra_100_firmware:195:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "975D97B5-EB10-4DFF-A9F6-EF5414E55EE6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:opwglobal:sitesentinel_integra_100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32CBB664-CFC2-4F74-969B-3FC73BD4B61A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References