CVE-2017-11349

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.

Ссылки

https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html
Exploit
Product
Third Party Advisory
https://twitter.com/nullku7/status/859238295959609344
Third Party Advisory
https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html
Exploit
Product
Third Party Advisory
https://twitter.com/nullku7/status/859238295959609344
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:datataker:dt8x_firmware:1.72.007:*:*:*:*:*:*:*

cpe:2.3:h:datataker:dt8x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00612

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-5c6j-5c43-8hhw