Vulnerability Details : CVE-2017-9645
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level.
Products affected by CVE-2017-9645
- cpe:2.3:o:mirion:dmc_3000_transmitter_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:ipam_transmitter_f\/dmc_2000_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:rds-31_itx_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:drm-1\/2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:drm-2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:rds-31_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:telepole_2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mirion:wrm2_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9645
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9645
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:P/I:N/A:N |
6.5
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-9645
-
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-9645
-
http://www.securityfocus.com/bid/100001
Mirion Technologies Multiple Telemetry Enabled Devices Multiple Security Bypass VulnerabilitiesThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-17-208-02
Mirion Technologies Telemetry Enabled Devices | CISAMitigation;Third Party Advisory;US Government Resource
Jump to