High severity8.8NVD Advisory· Published Oct 17, 2017· Updated Jun 17, 2026
CVE-2017-14005
CVE-2017-14005
Description
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's password, enabling future access and possible configuration changes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/101259nvdThird Party AdvisoryVDB Entry
- ics-cert.us-cert.gov/advisories/ICSA-17-285-01nvdMitigationThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.