8.8

CVE-2017-12736

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions.

This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Data provided by the National Vulnerability Database (NVD)
Siemens Scalance Xb-200 Firmware Version >= 3.0
   Siemens Scalance Xb-200 Version -
Siemens Scalance Xc-200 Firmware Version >= 3.0
   Siemens Scalance Xc-200 Version -
Siemens Scalance Xp-200 Firmware Version >= 3.0
   Siemens Scalance Xp-200 Version -
Siemens Scalance Xr300-wg Firmware Version >= 3.0
   Siemens Scalance Xr300-wg Version -
Siemens Scalance Xr-500 Firmware Version >= 6.1
   Siemens Scalance Xr-500 Version -
Siemens Scalance Xm-400 Firmware Version >= 6.1
   Siemens Scalance Xm-400 Version -
Siemens Ruggedcom Ros Version < 5.0.1
   Siemens Ruggedcom Rsl910 Version -
Siemens Ruggedcom Ros Version < 4.3.4
   Siemens Ruggedcom Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type  Source     Score  Percentile
EPSS  FIRST.org  0.28%  0.511
CVSS Metrics
Source                   Base Score  Exploit Score  Impact Score  Vector String
productcert@siemens.com  8.8         2.8            5.9           CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov             5.8         6.5            6.4           AV:A/AC:L/Au:N/C:P/I:P/A:P
nvd@nist.gov             8.8         2.8            5.9           CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.