CVE-2017-9649

A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.

CVSS v3 5.0 MEDIUM
CVSS v2.0 5.4 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 5.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/100001	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02	Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/100001	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:mirion_technologies:dmc_3000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:dmc_3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:mirion_technologies:ipam_transmitter_f\/dmc_2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:ipam_transmitter_f\/dmc_2000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:mirion_technologies:telepole_ii_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:telepole_ii:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:mirion_technologies:rds-31_itx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:rds-31_itx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:mirion_technologies:rsd31-am_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:rsd31-am:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:mirion_technologies:wrm2_mesh_repeater_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:wrm2_mesh_repeater:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:mirion_technologies:drm-1\/2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mirion_technologies:drm-1\/2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:36

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/100001 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/100001 - Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02 - Mitigation, Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02 - Mitigation, Third Party Advisory, US Government Resource

Information

Published : 2017-09-20 16:29

Updated : 2024-11-21 03:36

NVD link : CVE-2017-9649

Mitre link : CVE-2017-9649

CVE.ORG link : CVE-2017-9649

JSON object : View

Products Affected

mirion_technologies

ipam_transmitter_f\/dmc_2000_firmware
rds-31_itx_firmware
rsd31-am_firmware
rsd31-am
telepole_ii
drm-1\/2
dmc_3000
drm-1\/2_firmware
dmc_3000_firmware
rds-31_itx
ipam_transmitter_f\/dmc_2000
telepole_ii_firmware
wrm2_mesh_repeater
wrm2_mesh_repeater_firmware

CWE

CWE-321

Use of Hard-coded Cryptographic Key

CWE-798

Use of Hard-coded Credentials

5.0 /10