{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T05:24:28.660","vulnerabilities":[{"cve":{"id":"CVE-2017-14005","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-10-17T22:29:00.260","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes."},{"lang":"es","value":"Se ha descubierto un problema de cambio de contraseña sin verificación en la interfaz web de ProMinent MultiFLEX M10a Controller. Cuando se establece una nueva contraseña para un usuario, la aplicación no requiere que el usuario conozca la contraseña original. Un atacante autenticado podría cambiar una contraseña de usuario, permitiendo futuros accesos y posibles cambios de configuración."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-620"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"BD9BF155-29F4-45CD-8F53-957AAB24FA2C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C3AFF952-BF09-4A00-934A-F03D49D95E97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/101259","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/101259","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}}]}