10

CVE-2017-12739

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SiemensSm-2556 Firmware Versiondnpi00
   SiemensSm-2556 Version-
SiemensSm-2556 Firmware Versionenos00
   SiemensSm-2556 Version-
SiemensSm-2556 Firmware Versionerac00
   SiemensSm-2556 Version-
SiemensSm-2556 Firmware Versioneta2
   SiemensSm-2556 Version-
SiemensSm-2556 Firmware Versionetls00
   SiemensSm-2556 Version-
SiemensSm-2556 Firmware Versionmodi00
   SiemensSm-2556 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.65% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.

http://www.securityfocus.com/bid/101884
Third Party Advisory
VDB Entry
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf
Vendor Advisory
Mitigation