CVE-2017-12709 — MEDIUM (5.3)

Vulnerability Description

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Westermo	Mrd-305-Din Firmware	-
Westermo	Mrd-305-Din	-
Westermo	Mrd-315-Din Firmware	-
Westermo	Mrd-315-Din	-
Westermo	Mrd-355-Din Firmware	-
Westermo	Mrd-355-Din	-
Westermo	Mrd-455-Din Firmware	-
Westermo	Mrd-455-Din	-

Related Weaknesses (CWE)

CWE-798

References

http://www.securityfocus.com/bid/100470Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/100470Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-12709?

CVE-2017-12709 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, ...

How severe is CVE-2017-12709?

CVE-2017-12709 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12709?

Check the references section above for vendor advisories and patch information. Affected products include: Westermo Mrd-305-Din Firmware, Westermo Mrd-305-Din, Westermo Mrd-315-Din Firmware, Westermo Mrd-315-Din, Westermo Mrd-355-Din Firmware.