CVE-2017-13992

An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
References
Link Resource
http://www.securityfocus.com/bid/100847 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/100847 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:loytec:lvis-3me:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:11

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100847 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/100847 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01 - Third Party Advisory, US Government Resource

Information

Published : 2017-10-05 21:29

Updated : 2024-11-21 03:11


NVD link : CVE-2017-13992

Mitre link : CVE-2017-13992

CVE.ORG link : CVE-2017-13992


JSON object : View

Products Affected

loytec

  • lvis-3me
  • lvis-3me_firmware
CWE
CWE-331

Insufficient Entropy