9.8

CVE-2017-9632

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PdqincLaserwash G5 Firmware Version-
   PdqincLaserwash G5 Version-
PdqincLaserwash G5 S Firmware Version-
   PdqincLaserwash G5 S Version-
PdqincLaserwash M5 Firmware Version-
   PdqincLaserwash M5 Version-
PdqincLaserwash 360 Firmware Version-
   PdqincLaserwash 360 Version-
PdqincLaserjet Firmware Version-
   PdqincLaserjet Version-
PdqincProtouch Tandem Firmware Version-
   PdqincProtouch Tandem Version-
PdqincProtouch Icon Firmware Version-
   PdqincProtouch Icon Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03
Third Party Advisory
US Government Resource
Mitigation