10

CVE-2017-6869

EPSS 1.47%
Published 08.08.2017 00:29:00
Last modified 20.04.2025 01:37:25
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Viewport For Web Office Portal Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.47%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/99343

Third Party Advisory

VDB Entry

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6869

EUVD