CVE-2017-14007

EPSS 0.23%
Veröffentlicht 17.10.2017 22:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prominent ≫ Multiflex M10a Controller Firmware

Prominent ≫ Multiflex M10a Controller Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.425

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.6	2.2	3.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

http://www.securityfocus.com/bid/101259

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-14007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-14007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-14007

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-14007