var-201712-0701
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions. Multiple Siemens products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Siemens RuggedCom ROS is a ROX-based device for connecting devices in harsh environments, such as substations, traffic management chassis, etc. The SCALANCE XB-200 is an industrial Ethernet switch. Siemens Ruggedcom ROS and SCALANCE are affected by an unauthorized operation vulnerability. Multiple Siemens products are prone to a remote security bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. RUGGEDCOM ROS prior to 4.3.4 for all other devices. SCALANCE XB-200/XC-200/XP-200/XR300-WG 3.0 and later. SCALANCE XR-500/XM-400 6.1 and later



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0701",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom ros",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.3.4"
      },
      {
        "model": "scalance xm-400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xr-500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "ruggedcom ros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance xp-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xc-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xb-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xb-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xc-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xm400",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xp-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr-300-wg",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ruggedcom ros for rsl910",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance xb-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xc-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xp-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr-500",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xm-400",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "ruggedcom ros",
        "version": "*"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xp-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xm-400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xc-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xb-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.3.3"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "rsl910",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "ruggedcom ros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.3.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xb 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xc 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xp 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr300 wg",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr 500",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xm 400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr300-wg_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr300-wg:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionStartIncluding": "6.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "5.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_ros:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.3.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens",
    "sources": [
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12736",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12736",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-28656",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-12736",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12736",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-28656",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-1396",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions \u003c ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions \u003c ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions. Multiple Siemens products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Siemens RuggedCom ROS is a ROX-based device for connecting devices in harsh environments, such as substations, traffic management chassis, etc. The SCALANCE XB-200 is an industrial Ethernet switch. Siemens Ruggedcom ROS and SCALANCE are affected by an unauthorized operation vulnerability. Multiple Siemens products are prone to a remote security bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. \nRUGGEDCOM ROS prior to 4.3.4 for all other devices. \nSCALANCE XB-200/XC-200/XP-200/XR300-WG 3.0 and later. \nSCALANCE XR-500/XM-400 6.1 and later",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12736",
        "trust": 3.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-856721",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "101041",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1039464",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1039463",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-271-01B",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-271-01",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "8E5E8CB8-D4EE-4AD5-9084-3BF21BBBDB6B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "id": "VAR-201712-0701",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      }
    ],
    "trust": 1.390392178
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:03:00.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-856721",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
      },
      {
        "title": "Patch for Siemens Ruggedcom ROS and SCALANCE Unauthorized Operation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/103044"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75254"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-665",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/101041"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039463"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039464"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12736"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-271-01b"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12736"
      },
      {
        "trust": 0.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-271-01"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "date": "2017-09-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "BID",
        "id": "101041"
      },
      {
        "date": "2018-01-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "date": "2017-12-26T04:29:13.643000",
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "BID",
        "id": "101041"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities related to authorization, permissions, and access control in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.6
  }
}



Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.