CVE-2017-12734

{"id": "CVE-2017-12734", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-08-30T19:29:00.273", "references": [{"url": "http://www.securityfocus.com/bid/100560", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "http://www.securityfocus.com/bid/100560", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-895"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en LOGO! 8 BM (incl. Variantes SIPLUS) (todas las versiones anteriores a V1.81.2). Un atacante con acceso de red al servidor web integrado en el puerto 80/tcp podr\u00eda obtener la ID de sesi\u00f3n de una sesi\u00f3n de usuario activa. Un usuario debe iniciar sesi\u00f3n en la interfaz web. Siemens recomienda utilizar el servidor web integrado en el puerto 80/tcp solo en redes de confianza."}], "lastModified": "2024-11-21T03:10:07.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6128EB35-6031-4F61-8B25-596E6FE664A1", "versionEndIncluding": "1.81.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!8_bm_fs-05:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "641F5F08-8D9F-425C-9735-DC174431EEA3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}