SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-161792536] CyberVision Kaa IoT Platform

Date: 2017-05-02
Type: Other
Platform: CyberVision
Author: Jacob Baines from Tenable Network Security is credited with the discovery of this vulnerability.
EDB-ID: N/A
CVE-ID: CVE-2017-7911
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# CyberVision Kaa IoT Platform
#


### VULNERABLE VENDOR
CyberVision


### VULNERABLE PRODUCT
Kaa IoT Platform



### RESEARCHER
Jacob Baines from Tenable Network Security is credited with the discovery of this vulnerability.



### AFFECTED PRODUCTS

The following version of Kaa IoT Platform, a middleware platform, is affected:

Kaa IoT Platform, Version 0.7.4, and possibly other versions.



### IMPACT

Successful exploitation of this vulnerability could allow for the creation of files with custom content, movement of files, and execution of arbitrary OS commands.



### VULNERABILITY OVERVIEW

INSUFFICIENT ENCAPSULATION CWE-485
A code injection vulnerability has been identified, which may allow remote code execution.
CVE-2017-7911 has been assigned to this vulnerability.
A CVSS v3 base score of 6.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND

Critical Infrastructure Sector(s): Commercial Facilities, Critical Manufacturing, Food and Agriculture, Healthcare and Public Health, Information Technology
Countries Deployed: Worldwide
Company Headquarters Location: Florida, United States




### MITIGATION

CyberVision's Kaa Project has been unresponsive to multiple contact requests and has produced no mitigations for this vulnerability.