Auth bypass in Ice Qube Thermal Management Center
CVE-2017-14026
In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information.
Vulnerability class: Broken Authentication
EPSS: 0.018 (75.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Ice Qube Thermal Management Center — versions All versions prior to version 4.13
- Iceqube Thermal_management_center
- Iceqube Thermal_management_center_firmware
Weakness classification (CWE)
References
- ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC)
- ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2017-14026?
- CVE-2017-14026 is a high-severity vulnerability in Ice Qube Thermal Management Center, classified under Improper Authentication. CVSS score: 7.5/10. Published 2018-09-06.
- How severe is CVE-2017-14026?
- High severity. CVSS v3 base score is 7.5 out of 10.