Vulnerability Details CVE-2017-12736
After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions.
This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 5.8
References
- http://www.securityfocus.com/bid/101041
- http://www.securitytracker.com/id/1039463
- http://www.securitytracker.com/id/1039464
- https://cert-portal.siemens.com/productcert/html/ssa-856721.html
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
- http://www.securityfocus.com/bid/101041
- http://www.securitytracker.com/id/1039463
- http://www.securitytracker.com/id/1039464
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
Products affected by CVE-2017-12736
-
cpe:2.3:h:siemens:ruggedcom:-
-
cpe:2.3:h:siemens:ruggedcom_rsl910:-
-
cpe:2.3:h:siemens:scalance_xb-200:-
-
cpe:2.3:h:siemens:scalance_xc-200:-
-
cpe:2.3:h:siemens:scalance_xm-400:-
-
cpe:2.3:h:siemens:scalance_xp-200:-
-
cpe:2.3:h:siemens:scalance_xr-500:-
-
cpe:2.3:h:siemens:scalance_xr300-wg:-
-
cpe:2.3:o:siemens:ruggedcom_ros:*
-
cpe:2.3:o:siemens:ruggedcom_ros:4.3.4
-
cpe:2.3:o:siemens:ruggedcom_ros:4.3.7
-
cpe:2.3:o:siemens:ruggedcom_ros:4.3.8
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:4.1
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:4.3
-
cpe:2.3:o:siemens:scalance_xb-200_firmware:5.2.4
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:4.1
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:4.3
-
cpe:2.3:o:siemens:scalance_xc-200_firmware:5.2.4
-
cpe:2.3:o:siemens:scalance_xm-400_firmware:6.2.3
-
cpe:2.3:o:siemens:scalance_xm-400_firmware:6.4
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:3.0
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:4.1
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:4.3
-
cpe:2.3:o:siemens:scalance_xp-200_firmware:5.2.4
-
cpe:2.3:o:siemens:scalance_xr-500_firmware:*
-
cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*