Unauthorized Access Vulnerability in RUGGEDCOM and SCALANCE Products
CVE-2017-12736

8.8 HIGH

Key Information:

Vendor: Siemens
CVE Published: 26 December 2017

What is CVE-2017-12736?

RUGGEDCOM and SCALANCE products are affected by a vulnerability in the Ruggedcom Discovery Protocol (RCDP), which can write to devices under certain conditions. This flaw potentially allows users on the adjacent network to perform unauthorized administrative actions on the devices, which makes proper security measures and timely updates necessary to guard against unauthorized access.

Affected Version(s)

RUGGEDCOM i800 0

RUGGEDCOM i800NC 0

RUGGEDCOM i801 0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
