CVE-2017-9632

moderate-risk
Published 2017-08-07

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

Laserwash G5 Firmware
Laserwash M5 Firmware
Protouch Icon Firmware
Laserwash G5 S Firmware
Laserwash 360 Firmware
Laserwash 360 Plus Firmware
Laserwash Autoxpress Firmware
Laserwash Autoxpress Plus Firmware
Laserjet Firmware
Protouch Tandem Firmware
Protouch Autogloss Firmware

Affected Vendors

Pdqinc

References (2)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 0/34 · Minimal
Exposure 16/34 · Moderate