CVE-2017-9649

Published Sep 20, 2017

Last updated 5 years ago

CVSS medium 5.0

Overview

Description: A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5
Impact score: 3.4
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5.4
Impact score: 6.4
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-798
ics-cert@hq.dhs.gov: CWE-321

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:dmc_3000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECBC6372-8CD1-45F4-BE53-53D24BF22054"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:dmc_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E64F77B6-9389-4FF3-AB9B-99DD73590860"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:ipam_transmitter_f\\/dmc_2000_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14D28BB-776A-401B-B832-E57BAACD3FA5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:ipam_transmitter_f\\/dmc_2000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA09D90D-53D8-4EE8-9966-D2884FBEFF7F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:telepole_ii_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1D83AF-67AC-4B1A-ACAB-599A1A629536"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:telepole_ii:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C188712C-2656-495B-871D-7025BCD84049"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:rds-31_itx_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1079AAF-23EC-4793-AE6A-E79DAF542E19"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:rds-31_itx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE8121F6-BFF1-4E14-8341-5B29D1AD2F23"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:rsd31-am_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB8A46A6-58EC-403A-A5B7-05970784EB03"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:rsd31-am:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F09B515E-38E6-4C8D-8ECC-AD831DE407AD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:wrm2_mesh_repeater_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64296E40-113A-4A82-A293-9E4525EA2233"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:wrm2_mesh_repeater:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "223DC579-D37A-4AC7-8399-00BEA6B20D29"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:mirion_technologies:drm-1\\/2_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30378F88-26B0-49B3-934D-7C3DB340D63E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mirion_technologies:drm-1\\/2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B1ABCEE-AA08-4D81-88BF-E18CEB923509"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References