CVE-2017-3210
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
EPSS 0.05% · 15.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Portrait Display | SDK | 2.30 |
| fujitsu | displayview_click_suite | 5.0 |
| hp | display_assistant | 2.1 |
| portrait | portrait_display_sdk | 2.30 |
| hp | my_display | 2.0 |
| philips | smart_control_premium | 2.25, 2.23 |
| fujitsu | displayview_click | 6.01, 6.0 |
Timeline
- Apr 26, 2017 PoC Published
- Jul 24, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- 98006 vdb
- VU#219739 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-3210 advisory