CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14005

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Products affected by CVE-2017-14005

Prominent » Multiflex M10a Controller » Version: N/A

cpe:2.3:h:prominent:multiflex_m10a_controller:-
Prominent » Multiflex M10a Controller Firmware » Version: N/A

cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14005

Products

Pricing

Contact Us