A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100560 | Third Party Advisory VDB Entry |
https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2017-08-30T19:00:00
Updated: 2020-12-14T21:05:17
Reserved: 2017-08-09T00:00:00
Link: CVE-2017-12734
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-08-30T19:29:00.273
Modified: 2022-01-04T18:09:36.570
Link: CVE-2017-12734
JSON object: View
Redhat Information
No data.