CVE-2017-12736

 

Severity Score: 8.8 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-08-09 CVE Reserved
  • 2017-12-26 CVE Published
  • 2023-10-10 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-665: Improper Initialization
CAPEC
Affected Vendors, Products, and Versions
Vendor       Product                       Version    Other  Status
Siemens      Scalance Xb-200 Firmware      >= 3.0     -      Affected
  in Siemens Scalance Xb-200               --                Safe
Siemens      Scalance Xc-200 Firmware      >= 3.0     -      Affected
  in Siemens Scalance Xc-200               --                Safe
Siemens      Scalance Xp-200 Firmware      >= 3.0     -      Affected
  in Siemens Scalance Xp-200               --                Safe
Siemens      Scalance Xr300-wg Firmware    >= 3.0     -      Affected
  in Siemens Scalance Xr300-wg             --                Safe
Siemens      Scalance Xr-500 Firmware      >= 6.1     -      Affected
  in Siemens Scalance Xr-500               --                Safe
Siemens      Scalance Xm-400 Firmware      >= 6.1     -      Affected
  in Siemens Scalance Xm-400               --                Safe
Siemens      Ruggedcom Ros                 < 5.0.1    -      Affected
  in Siemens Ruggedcom Rsl910              --                Safe
Siemens      Ruggedcom Ros                 < 4.3.4    -      Affected
  in Siemens Ruggedcom                     --                Safe