CVE-2017-12736
CVSS V2 Medium 5.8
CVSS V3 High 8.8
Description
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.
Overview
- CVE ID
- CVE-2017-12736
- Assigner
- productcert@siemens.com
- Vulnerability Status
- Modified
- Published Version
- 2017-12-26T04:29:13
- Last Modified Date
- 2019-10-03T00:03:26
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.0 | |
| cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.0 | |
| cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.0 | |
| cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*:*:*:*:*:*:*:* | 1 | OR | 3.0 | |
| cpe:2.3:h:siemens:scalance_xr300-wg:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:scalance_xr-500_firmware:*:*:*:*:*:*:*:* | 1 | OR | 6.1 | |
| cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:* | 1 | OR | 6.1 | |
| cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:* | 1 | OR | 5.0.1 | |
| cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:* | 1 | OR | 4.3.4 | |
| cpe:2.3:h:siemens:ruggedcom:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:A/AC:L/Au:N/C:P/I:P/A:P
- Access Vector
- ADJACENT_NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 5.8
- Severity
- MEDIUM
- Exploitability Score
- 6.5
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector
- ADJACENT_NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.8
- Base Severity
- HIGH
- Exploitability Score
- 2.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf | Issue Tracking Mitigation Vendor Advisory |
| http://www.securitytracker.com/id/1039464 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1039463 | Third Party Advisory VDB Entry |
| http://www.securityfocus.com/bid/101041 | Third Party Advisory VDB Entry |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-12736 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12736 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 17:21:17 | Added to TrackCVE | |||
| 2022-12-03 00:21:59 | 2017-12-26T04:29Z | 2017-12-26T04:29:13 | CVE Published Date | updated |
| 2022-12-03 00:21:59 | 2019-10-03T00:03:26 | CVE Modified Date | updated | |
| 2022-12-03 00:21:59 | Modified | Vulnerability Status | updated |