CVE-2017-12736

{"id": "CVE-2017-12736", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-12-26T04:29:13.643", "references": [{"url": "http://www.securityfocus.com/bid/101041", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "http://www.securitytracker.com/id/1039463", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "http://www.securitytracker.com/id/1039464", "tags": ["Third Party Advisory", "VDB Entry"], "source": "productcert@siemens.com"}, {"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "http://www.securityfocus.com/bid/101041", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039463", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1039464", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en RUGGEDCOM ROS para los dispositivos RSL910 (todas las versiones anteriores a ROS V5.0.1), RUGGEDCOM ROS para todos los dem\u00e1s dispositivos (todas las versiones anteriores a ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (Todas las versiones entre V3.0 (incluido) y V3.0.2 (excluyendo), SCALANCE XR-500/XM-400 (Todas las versiones entre V6.1 (incluido) y V6.1.1 (excluyendo). Despu\u00e9s de la configuraci\u00f3n inicial, el Ruggedcom Discovery Protocol (RCDP) a\u00fan puede escribir hacia el dispositivo bajo ciertas condiciones, esto potencialmente permite que los usuarios ubicados en la red adyacente del dispositivo destino realicen acciones administrativas no autorizadas."}], "lastModified": "2024-11-21T03:10:07.373", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA12DF53-5DB1-4279-9E46-6031258ACE68", "versionStartIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5501093A-B4A4-4E9C-AE5A-38A012B81E07", "versionStartIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7719E194-EE3D-4CE8-8C85-CF0D82A553AA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F5B80A4-0EFC-4488-A569-574B942FC7D9", "versionStartIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F962FC7-0616-467F-8CCA-ADEA224B5F7B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DEF3486-F27F-4FC3-ADE5-A5BCAD477C47", "versionStartIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xr300-wg:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43C240D0-5169-4800-B336-A2B889475CD6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xr-500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C6310FD-6DD7-4420-BE94-C791D18CA1E1", "versionStartIncluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96EA9D9A-AD86-4983-8FD2-33B1E447D7D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF503997-A9E6-4722-A774-D3089B3468B3", "versionStartIncluding": "6.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "798E900F-5EF9-4B39-B8C2-79FAE659E7F5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8AEFEF0-6AA1-4C07-BE94-0FBD7CECA354", "versionEndExcluding": "5.0.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F0C8879-659D-4A28-BA72-7BE05B5215CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF1FAD6D-C62C-46CF-A752-E0844A496344", "versionEndExcluding": "4.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:ruggedcom:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EABA893-37F5-4877-BC13-3557C654857E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}