Cross-Site Request Forgery Vulnerability in Siemens RUGGEDCOM NMS
CVE-2017-2682

8.8HIGH

Key Information:

Vendor

Siemens
Status
Ruggedcom Nms All Versions < V2.1 (windows And Linux)
Vendor
CVE Published:
27 February 2017

What is CVE-2017-2682?

The vulnerability in Siemens RUGGEDCOM NMS allows a remote attacker to exploit CSRF weaknesses. If a user has an active session on the affected application and is tricked into clicking a malicious link, the attacker can perform unauthorized actions on behalf of the user. This can lead to security breaches, unauthorized changes to settings, and potentially compromise the integrity of the system. Network operators should be aware of this vulnerability and take necessary measures to mitigate the risk.

Affected Version(s)

RUGGEDCOM NMS All < V2.1 (Windows and Linux) RUGGEDCOM NMS All versions < V2.1 (Windows and Linux)

References

http://www.siemens.com/cert/pool/cert/siemens_security_ad...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01
x_refsource_MISC
http://www.securitytracker.com/id/1037958
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.