CVE-2017-12736

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions.

This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
siemensCNA
8.8 HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
siemensscalance_xb-200_firmware
3.0 ≤
siemensscalance_xc-200_firmware
3.0 ≤
siemensscalance_xp-200_firmware
3.0 ≤
siemensscalance_xr300-wg_firmware
3.0 ≤
siemensscalance_xr-500_firmware
6.1 ≤
siemensscalance_xm-400_firmware
6.1 ≤
siemensruggedcom_ros
𝑥
< 5.0.1
siemensruggedcom_ros
𝑥
< 4.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101041
http://www.securitytracker.com/id/1039463
http://www.securitytracker.com/id/1039464
https://cert-portal.siemens.com/productcert/html/ssa-856721.html
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
http://www.securityfocus.com/bid/101041
http://www.securitytracker.com/id/1039463
http://www.securitytracker.com/id/1039464
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf