cvelistv5 - cve-2017-12740

CVE-2017-12740 (GCVE-0-2017-12740)

Vulnerability from cvelistv5 – Published: 2017-12-26 04:00 – Updated: 2024-08-05 18:43

Summary

Severity ?

No CVSS data available.

CWE

CWE-494 - Download of Code Without Integrity Check

Assigner

siemens

References

URL

Tags

https://www.siemens.com/cert/pool/cert/siemens_se…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Siemens LOGO! Soft Comfort (All versions before V8.2)	Affected: Siemens LOGO! Soft Comfort (All versions before V8.2)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Siemens LOGO! Soft Comfort (All versions before V8.2)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Siemens LOGO! Soft Comfort (All versions before V8.2)"
            }
          ]
        }
      ],
      "datePublic": "2017-12-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-494",
              "description": "CWE-494: Download of Code Without Integrity Check",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-26T04:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-12740",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Siemens LOGO! Soft Comfort (All versions before V8.2)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Siemens LOGO! Soft Comfort (All versions before V8.2)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-494: Download of Code Without Integrity Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-12740",
    "datePublished": "2017-12-26T04:00:00",
    "dateReserved": "2017-08-09T00:00:00",
    "dateUpdated": "2024-08-05T18:43:56.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:logo\\\\!_soft_comfort:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.2\", \"matchCriteriaId\": \"DF69C737-B070-464E-B256-50BCE0106A11\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.\"}, {\"lang\": \"es\", \"value\": \"Siemens LOGO! Soft Comfort en todas las versiones anteriores a la V8.2 carece de verificaci\\u00f3n de integridad de los paquetes de software descargados mediante un canal de comunicaci\\u00f3n sin protecci\\u00f3n. Esto podr\\u00eda permitir que un atacante remoto manipulase el paquete de software mientras realiza un ataque Man-in-the-Middle (MitM).\"}]",
      "id": "CVE-2017-12740",
      "lastModified": "2024-11-21T03:10:07.853",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-12-26T04:29:13.673",
      "references": "[{\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-494\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12740\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-12-26T04:29:13.673\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.\"},{\"lang\":\"es\",\"value\":\"Siemens LOGO! Soft Comfort en todas las versiones anteriores a la V8.2 carece de verificaci\u00f3n de integridad de los paquetes de software descargados mediante un canal de comunicaci\u00f3n sin protecci\u00f3n. Esto podr\u00eda permitir que un atacante remoto manipulase el paquete de software mientras realiza un ataque Man-in-the-Middle (MitM).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-494\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:logo\\\\!_soft_comfort:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.2\",\"matchCriteriaId\":\"DF69C737-B070-464E-B256-50BCE0106A11\"}]}]}],\"references\":[{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-12740

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12740

Aliases

CVE-2017-12740

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12740",
    "description": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.",
    "id": "GSD-2017-12740"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12740"
      ],
      "details": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.",
      "id": "GSD-2017-12740",
      "modified": "2023-12-13T01:21:03.277796Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-12740",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Siemens LOGO! Soft Comfort (All versions before V8.2)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Siemens LOGO! Soft Comfort (All versions before V8.2)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-494: Download of Code Without Integrity Check"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-12740"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2017-12-26T04:29Z"
    }
  }
}

ICSA-17-353-04

Vulnerability from csaf_cisa - Published: 2017-12-19 00:00 - Updated: 2017-12-19 00:00

Summary

Siemens LOGO! Soft Comfort

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable.

Critical infrastructure sectors

Commercial Facilities, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Tobias Gebhardt"
        ],
        "summary": "reporting this vulnerability to Siemens"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-353-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-353-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-353-04 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-353-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-353-04"
      }
    ],
    "title": "Siemens LOGO! Soft Comfort",
    "tracking": {
      "current_release_date": "2017-12-19T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-353-04",
      "initial_release_date": "2017-12-19T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-12-19T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-353-04 Siemens LOGO! Soft Comfort"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 8.2",
                "product": {
                  "name": "LOGO! Soft Comfort: All versions prior to V8.2",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "LOGO! Soft Comfort"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12740",
      "cwe": {
        "id": "CWE-494",
        "name": "Download of Code Without Integrity Check"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The update center of LOGO! Soft Comfort lacks integrity verification on software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a man-in-the-middle (MitM) attack.CVE-2017-12740 has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12740"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens removed the Update Center from LOGO! Soft Comfort V8.2 and provides SHA-256 checksums for all LOGO! Soft Comfort software packages via a secured HTTPS channel. Siemens recommends verifying legitimacy by comparing the SHA-256 checksum of the downloaded software package with the SHA-256 checksum provided for the software package. Software version 8.2 for LOGO! Soft Comfort and SHA-256 checksums for LOGO! Soft Comfort downloads can be obtained via:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.siemens.com/logo-update",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.siemens.com/logo-update"
        },
        {
          "category": "vendor_fix",
          "details": "As a general security measure, Siemens strongly recommends protecting network access to the devices with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
        },
        {
          "category": "vendor_fix",
          "details": "For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-888929 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
        },
        {
          "category": "vendor_fix",
          "details": "In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2017-12740

Vulnerability from fkie_nvd - Published: 2017-12-26 04:29 - Updated: 2025-04-20 01:37

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	logo\!_soft_comfort	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF69C737-B070-464E-B256-50BCE0106A11",
              "versionEndExcluding": "8.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack."
    },
    {
      "lang": "es",
      "value": "Siemens LOGO! Soft Comfort en todas las versiones anteriores a la V8.2 carece de verificaci\u00f3n de integridad de los paquetes de software descargados mediante un canal de comunicaci\u00f3n sin protecci\u00f3n. Esto podr\u00eda permitir que un atacante remoto manipulase el paquete de software mientras realiza un ataque Man-in-the-Middle (MitM)."
    }
  ],
  "id": "CVE-2017-12740",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-26T04:29:13.673",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2017-AVI-478

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens . Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Siemens SIMATIC RF650M toutes versions avec Summit Client Utility antérieures à V22.3.5.16
Siemens	N/A	Siemens LOGO! Soft Comfort toutes versions antérieures à V8.2
Siemens	N/A	Siemens SIMATIC RF350M toutes versions avec Summit Client Utility antérieures à V22.3.5.16

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-418456 du 18 décembre 2017	None	vendor-advisory
Bulletin de sécurité Siemens SSA-888929 du 18 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Siemens SIMATIC RF650M toutes versions avec Summit Client Utility ant\u00e9rieures \u00e0 V22.3.5.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens LOGO! Soft Comfort toutes versions ant\u00e9rieures \u00e0 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens SIMATIC RF350M toutes versions avec Summit Client Utility ant\u00e9rieures \u00e0 V22.3.5.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-12740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12740"
    },
    {
      "name": "CVE-2017-13081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13081"
    },
    {
      "name": "CVE-2017-13079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13079"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-478",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens . Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-418456 du 18 d\u00e9cembre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-418456.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-888929 du 18 d\u00e9cembre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-888929.pdf"
    }
  ]
}

CERTFR-2017-AVI-478

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Siemens SIMATIC RF650M toutes versions avec Summit Client Utility antérieures à V22.3.5.16
Siemens	N/A	Siemens LOGO! Soft Comfort toutes versions antérieures à V8.2
Siemens	N/A	Siemens SIMATIC RF350M toutes versions avec Summit Client Utility antérieures à V22.3.5.16

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-418456 du 18 décembre 2017	None	vendor-advisory
Bulletin de sécurité Siemens SSA-888929 du 18 décembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Siemens SIMATIC RF650M toutes versions avec Summit Client Utility ant\u00e9rieures \u00e0 V22.3.5.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens LOGO! Soft Comfort toutes versions ant\u00e9rieures \u00e0 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siemens SIMATIC RF350M toutes versions avec Summit Client Utility ant\u00e9rieures \u00e0 V22.3.5.16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
    },
    {
      "name": "CVE-2017-12740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12740"
    },
    {
      "name": "CVE-2017-13081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13081"
    },
    {
      "name": "CVE-2017-13079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13079"
    },
    {
      "name": "CVE-2017-13077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
    },
    {
      "name": "CVE-2017-13080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-478",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens . Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-418456 du 18 d\u00e9cembre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-418456.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-888929 du 18 d\u00e9cembre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-888929.pdf"
    }
  ]
}

VAR-201712-0702

Vulnerability from variot - Updated: 2023-12-18 12:37

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to LOGO! Soft Comfort 8.2 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0702",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "logo! soft comfort",
        "scope": "lt",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "logo\\! soft comfort",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "logo! soft comfort",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "logo soft comfort",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:logo\\!_soft_comfort:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tobias Gebhardt",
    "sources": [
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12740",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12740",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-37691",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12740",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12740",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37691",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-743",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a  man-in-the-middle attack. This may lead to other attacks. \nVersions prior to LOGO! Soft Comfort 8.2 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12740",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-353-04",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-888929",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "102225",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "E2DFCF21-39AB-11E9-83C6-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "id": "VAR-201712-0702",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      }
    ],
    "trust": 1.64615386
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:03.906000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-888929",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
      },
      {
        "title": "Siemens LOGO! Patch for Soft Comfort Man-in-the-Middle Attack Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/111289"
      },
      {
        "title": "Siemens LOGO! Soft Comfort Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77235"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-345",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-353-04"
      },
      {
        "trust": 1.6,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12740"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12740"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "db": "BID",
        "id": "102225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-21T00:00:00",
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "BID",
        "id": "102225"
      },
      {
        "date": "2018-02-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "date": "2017-12-26T04:29:13.673000",
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      },
      {
        "date": "2017-12-19T00:00:00",
        "db": "BID",
        "id": "102225"
      },
      {
        "date": "2018-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011879"
      },
      {
        "date": "2019-10-09T23:23:13.997000",
        "db": "NVD",
        "id": "CVE-2017-12740"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens LOGO! Soft Comfort Man-in-the-middle attack vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2dfcf21-39ab-11e9-83c6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-743"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-37691

Vulnerability from cnvd - Published: 2017-12-21

Title

Siemens LOGO! Soft Comfort中间人攻击漏洞

Description

LOGO!Soft Comfort是一个西门子LOGO!编程软件，支持新增文本显示模块。 Siemens LOGO! Soft Comfort存在中间人攻击漏洞，由于LOGO！的更新中心Soft Comfort缺乏对下载软件包的完整性验证，导致远程攻击者在执行中间人（MitM）攻击时操纵软件包。

Severity

中

Patch Name

Siemens LOGO! Soft Comfort中间人攻击漏洞的补丁

Patch Description

LOGO!Soft Comfort是一个西门子LOGO!编程软件，支持新增文本显示模块。 Siemens LOGO! Soft Comfort存在中间人攻击漏洞，由于LOGO！的更新中心Soft Comfort缺乏对下载软件包的完整性验证，导致远程攻击者在执行中间人（MitM）攻击时操纵软件包。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/logo-update

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04

Impacted products

Name
Siemens LOGO! Soft Comfort <8.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12740"
    }
  },
  "description": "LOGO!Soft Comfort\u662f\u4e00\u4e2a\u897f\u95e8\u5b50LOGO!\u7f16\u7a0b\u8f6f\u4ef6\uff0c\u652f\u6301\u65b0\u589e\u6587\u672c\u663e\u793a\u6a21\u5757\u3002\r\n\r\nSiemens LOGO! Soft Comfort\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u7531\u4e8eLOGO\uff01\u7684\u66f4\u65b0\u4e2d\u5fc3Soft Comfort\u7f3a\u4e4f\u5bf9\u4e0b\u8f7d\u8f6f\u4ef6\u5305\u7684\u5b8c\u6574\u6027\u9a8c\u8bc1\uff0c\u5bfc\u81f4\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u6267\u884c\u4e2d\u95f4\u4eba\uff08MitM\uff09\u653b\u51fb\u65f6\u64cd\u7eb5\u8f6f\u4ef6\u5305\u3002",
  "discovererName": "Tobias Gebhardt",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/logo-update",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37691",
  "openTime": "2017-12-21",
  "patchDescription": "LOGO!Soft Comfort\u662f\u4e00\u4e2a\u897f\u95e8\u5b50LOGO!\u7f16\u7a0b\u8f6f\u4ef6\uff0c\u652f\u6301\u65b0\u589e\u6587\u672c\u663e\u793a\u6a21\u5757\u3002\r\n\r\nSiemens LOGO! Soft Comfort\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u7531\u4e8eLOGO\uff01\u7684\u66f4\u65b0\u4e2d\u5fc3Soft Comfort\u7f3a\u4e4f\u5bf9\u4e0b\u8f7d\u8f6f\u4ef6\u5305\u7684\u5b8c\u6574\u6027\u9a8c\u8bc1\uff0c\u5bfc\u81f4\u8fdc\u7a0b\u653b\u51fb\u8005\u5728\u6267\u884c\u4e2d\u95f4\u4eba\uff08MitM\uff09\u653b\u51fb\u65f6\u64cd\u7eb5\u8f6f\u4ef6\u5305\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens LOGO! Soft Comfort\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens LOGO! Soft Comfort \u003c8.2"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-21",
  "title": "Siemens LOGO! Soft Comfort\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e"
}

GHSA-G8WQ-427W-WGQM

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345",
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-26T04:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.",
  "id": "GHSA-g8wq-427w-wgqm",
  "modified": "2022-05-13T01:37:44Z",
  "published": "2022-05-13T01:37:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12740"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12740 (GCVE-0-2017-12740)

Solution

Solution

Tags

Sightings

Nomenclature