CVE-2017-14009 Information

Description

An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/101259 https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5