CVE-2017-17691

HIGH

Contronics Homeputer CL Studio Fur Ho... - Insufficiently Protected Credentials

Title source: rule

Description

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.

References (1)

[Exploit, Mitigation, Third Party Advisory] https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt

Scores

CVSS v3 8.1

EPSS 0.0029

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

contronics/homeputer_cl_studio_fur_homematic < 4.0

Timeline

Published Sep 07, 2018

Tracked Since Feb 18, 2026