CVE-2017-14005

2017-10-1722:00:00

CWE-620

icscert

www.cve.org

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

36.0%

JSON

An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user’s password, enabling future access and possible configuration changes.

CNA Affected

[
  {
    "product": "ProMinent MultiFLEX M10a Controller",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "ProMinent MultiFLEX M10a Controller"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101259

ics-cert.us-cert.gov/advisories/ICSA-17-285-01