SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-490200866] Detcon SiteWatch Gateway

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-05-16 | Other | Detcon | Independent researcher Maxim Rupp reported the vulnerabilities. | N/A | CVE-2017-6049, CVE-2017-6047 | N/A | N/A | N/A |

Source

#
# Detcon SiteWatch Gateway
#


### VULNERABLE VENDOR
Detcon


### VULNERABLE PRODUCT
SiteWatch Gateway



### RESEARCHER
Independent researcher Maxim Rupp reported the vulnerabilities.



### AFFECTED PRODUCTS

The following versions of Detcon SiteWatch Gateway, an Ethernet Notification System, are affected:

All SiteWatch Gateway versions are affected.
Detcon reports that Cellular versions are not impacted.



### IMPACT

Successful exploitation of these vulnerabilities may allow remote code execution. An attacker who exploits these vulnerabilities may be able to change settings on the affected product or obtain user passwords.



### VULNERABILITY OVERVIEW

IMPROPER AUTHENTICATION CWE-287
An attacker can edit settings on the device using a specially crafted URL.
CVE-2017-6049 has been assigned to this vulnerability.
A CVSS v3 base score of 9.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)


PLAINTEXT STORAGE OF A PASSWORD CWE-256
Passwords are presented in plaintext in a file that is accessible without authentication.
CVE-2017-6047 has been assigned to this vulnerability.
A CVSS v3 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)





### BACKGROUND

Critical Infrastructure Sectors: Commercial Facilities, Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/Areas Deployed: United States, Europe, Asia
Company Headquarters Location: The Woodlands, Texas




### MITIGATION

Detcon no longer sells or maintains the SiteWatch Gateway product. They have attempted to send a notification to all SiteWatch users.