CVE-2017-9632 : A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.

Published 2017-08-07 08:29:00

Updated 2019-10-09 23:30:44

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2017-9632

Pdqinc » Laserwash G5 Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_g5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash G5 » Version: N/A
Pdqinc » Laserwash G5 S Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_g5_s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash G5 S » Version: N/A
Pdqinc » Laserwash M5 Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_m5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash M5 » Version: N/A
Pdqinc » Laserwash 360 Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_360_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash 360 » Version: N/A
Pdqinc » Laserwash 360 Plus Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_360_plus_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash 360 Plus » Version: N/A
Pdqinc » Laserwash Autoxpress Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_autoxpress_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash Autoxpress » Version: N/A
Pdqinc » Laserwash Autoxpress Plus Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserwash_autoxpress_plus_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserwash Autoxpress Plus » Version: N/A
Pdqinc » Laserjet Firmware » Version: N/A
cpe:2.3:o:pdqinc:laserjet_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Laserjet » Version: N/A
Pdqinc » Protouch Tandem Firmware » Version: N/A
cpe:2.3:o:pdqinc:protouch_tandem_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Protouch Tandem » Version: N/A
Pdqinc » Protouch Icon Firmware » Version: N/A
cpe:2.3:o:pdqinc:protouch_icon_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Protouch Icon » Version: N/A
Pdqinc » Protouch Autogloss Firmware » Version: N/A
cpe:2.3:o:pdqinc:protouch_autogloss_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Pdqinc » Protouch Autogloss » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-9632

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-9632

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-9632

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.
Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2017-9632

https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03

PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch | CISA
Mitigation;Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-9632

Products affected by CVE-2017-9632

Exploit prediction scoring system (EPSS) score for CVE-2017-9632

CVSS scores for CVE-2017-9632

CWE ids for CVE-2017-9632

References for CVE-2017-9632