CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14007

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v3 Score 5.6

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
http://www.securityfocus.com/bid/101259
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Products affected by CVE-2017-14007

Prominent » Multiflex M10a Controller » Version: N/A

cpe:2.3:h:prominent:multiflex_m10a_controller:-
Prominent » Multiflex M10a Controller Firmware » Version: N/A

cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14007

Products

Pricing

Contact Us