A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Siemens
  • Scalance Xm-400 Firmware
  • Scalance Xp-200
  • Scalance Xc-200 Firmware
  • Scalance Xc-200
  • Scalance Xr-500
  • Ruggedcom Ros
  • Scalance Xr300-wg
  • Scalance Xp-200 Firmware
  • Scalance Xr-500 Firmware
  • Ruggedcom Rsl910
  • Scalance Xr300-wg Firmware
  • Scalance Xb-200 Firmware
  • Scalance Xb-200
  • Scalance Xm-400
  • Ruggedcom

Configuration 1 [-]

AND
cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr300-wg:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:siemens:scalance_xr-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/101041 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039463 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039464 Third Party Advisory VDB Entry
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf Issue Tracking Mitigation Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2017-05-08T00:00:00

Updated: 2018-02-28T20:57:01

Reserved: 2017-08-09T00:00:00

Link: CVE-2017-12736

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-12-26T04:29:13.643

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-12736

JSON object: View

cve-icon Redhat Information

No data.

CWE