CVE-2017-2683

8.2HIGH

Key Information:

Vendor: Siemens
Status: Ruggedcom Nms All Versions < V2.1 (windows And Linux)
Vendor: CVE Published:; 27 February 2017

Summary

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

Affected Version(s)

RUGGEDCOM NMS All < V2.1 (Windows and Linux) RUGGEDCOM NMS All versions < V2.1 (Windows and Linux)

References

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/96455

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 27, 2017
Vulnerability Reserved
Dec 1, 2016