Vulnerability Description
After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Scalance Xb-200 Firmware | >= 3.0 |
| Siemens | Scalance Xb-200 | - |
| Siemens | Scalance Xc-200 Firmware | >= 3.0 |
| Siemens | Scalance Xc-200 | - |
| Siemens | Scalance Xp-200 Firmware | >= 3.0 |
| Siemens | Scalance Xp-200 | - |
| Siemens | Scalance Xr300-Wg Firmware | >= 3.0 |
| Siemens | Scalance Xr300-Wg | - |
| Siemens | Scalance Xr-500 Firmware | >= 6.1 |
| Siemens | Scalance Xr-500 | - |
| Siemens | Scalance Xm-400 Firmware | >= 6.1 |
| Siemens | Scalance Xm-400 | - |
| Siemens | Ruggedcom Ros | < 5.0.1 |
| Siemens | Ruggedcom Rsl910 | - |
| Siemens | Ruggedcom | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101041Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039463Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039464Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/html/ssa-856721.html
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdfIssue TrackingMitigationVendor Advisory
- http://www.securityfocus.com/bid/101041Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039463Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039464Third Party AdvisoryVDB Entry
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdfIssue TrackingMitigationVendor Advisory
FAQ
What is CVE-2017-12736?
CVE-2017-12736 is a vulnerability with a CVSS score of 8.8 (HIGH). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of t...
How severe is CVE-2017-12736?
CVE-2017-12736 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12736?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Scalance Xb-200 Firmware, Siemens Scalance Xb-200, Siemens Scalance Xc-200 Firmware, Siemens Scalance Xc-200, Siemens Scalance Xp-200 Firmware.