CVE-2017-2682

8.8HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Nms All Versions < V2.1 (windows And Linux)
Vendor: CVE Published:; 27 February 2017

Summary

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.

Affected Version(s)

RUGGEDCOM NMS All < V2.1 (Windows and Linux) RUGGEDCOM NMS All versions < V2.1 (Windows and Linux)

References

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01

x_refsource_MISC

http://www.securitytracker.com/id/1037958

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 27, 2017
Vulnerability Reserved
Dec 1, 2016

.