Unauthorized Access Vulnerability in RUGGEDCOM and SCALANCE Products
CVE-2017-12736

8.8 HIGH

Summary

A vulnerability exists in RUGGEDCOM and SCALANCE products because the Ruggedcom Discovery Protocol (RCDP) can write to devices under certain conditions. This flaw potentially allows users on the adjacent network to perform unauthorized administrative actions on the devices, which underlines the need for proper security measures and timely updates to guard against unauthorized access.

Affected Version(s)

Products: RUGGEDCOM ROS for RSL910 devices, RUGGEDCOM ROS for all other devices, SCALANCE XB-200/XC-200/XP-200/XR300-WG, SCALANCE XR-500/XM-400

  • RUGGEDCOM ROS for RSL910 devices: All versions < ROS V5.0.1

  • RUGGEDCOM ROS for all other devices: All versions < ROS V4.3.4

  • SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions between V3.0 (including) and V3.0.2 (excluding)

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
