A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N
Vendors Products
Siemens
  • Sipass Integrated

Configuration 1 [-]

cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/99578 Third Party Advisory VDB Entry
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: siemens

Published: 2017-08-08T00:00:00

Updated: 2017-08-08T09:57:01

Reserved: 2017-06-26T00:00:00

Link: CVE-2017-9941

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-08-08T00:29:00.447

Modified: 2019-10-09T23:30:53.567

Link: CVE-2017-9941

JSON object: View

cve-icon Redhat Information

No data.

CWE