ID

VAR-201708-1136


CVE

CVE-2017-12734


TITLE

Siemens LOGO! Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-008020

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends using the integrated web server on port 80/tcp only in trusted networks. Siemens LOGO! devices contain an information disclosure vulnerability. Information may be obtained. LOGO!8 is the 8th generation intelligent logic controller from Siemens. It is the NanoPLC in the Siemens PLC family. It simplifies programming and configuration, its integrated panel can display more content, and it can be interconnected easily and efficiently through the integrated Ethernet interface. There is a vulnerability in Siemens LOGO!8 BM. An attacker can exploit this issue to obtain sensitive information. Successful exploits may lead to other attacks. Versions prior to LOGO!8 BM FS-05 1.81.2 are vulnerable.

Trust: 2.7

sources: NVD: CVE-2017-12734 // JVNDB: JVNDB-2017-008020 // CNVD: CNVD-2017-24122 // BID: 100560 // IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7 // VULHUB: VHN-103286

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7 // CNVD: CNVD-2017-24122

AFFECTED PRODUCTS

vendor: siemens, model: logo!8 bm fs-05, scope: lte, version: 1.81.1

Trust: 1.0

vendor: siemens, model: logo!8 bm fs-05, scope: lt, version: 1.81.2

Trust: 0.8

vendor: siemens, model: logo!8 bm, scope: lt, version: 1.81.2

Trust: 0.6

vendor: siemens, model: logo!8 bm fs-05, scope: eq, version: 1.81.1

Trust: 0.6

vendor: siemens, model: logo!8 bm fs-05, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: logo!8 bm fs-05, scope: ne, version: 1.81.2

Trust: 0.3

vendor: logo 8 bm fs 05, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7 // CNVD: CNVD-2017-24122 // BID: 100560 // JVNDB: JVNDB-2017-008020 // CNNVD: CNNVD-201708-1272 // NVD: CVE-2017-12734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12734
value: HIGH

Trust: 1.0

NVD: CVE-2017-12734
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-24122
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1272
value: HIGH

Trust: 0.6

IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7
value: HIGH

Trust: 0.2

VULHUB: VHN-103286
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12734
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-24122
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-103286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12734
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-12734
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7 // CNVD: CNVD-2017-24122 // VULHUB: VHN-103286 // JVNDB: JVNDB-2017-008020 // CNNVD: CNNVD-201708-1272 // NVD: CVE-2017-12734

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

problemtype:CWE-895

Trust: 1.0

sources: VULHUB: VHN-103286 // JVNDB: JVNDB-2017-008020 // NVD: CVE-2017-12734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1272

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-1272

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008020

PATCH

title: SSA-087240, url: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf

Trust: 0.8

title: SiemensLOGO! 8BM Session ID Disclosure Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/101261

Trust: 0.6

title: Siemens LOGO!8 BM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74460

Trust: 0.6

sources: CNVD: CNVD-2017-24122 // JVNDB: JVNDB-2017-008020 // CNNVD: CNNVD-201708-1272

EXTERNAL IDS

db: NVD, id: CVE-2017-12734

Trust: 3.6

db: SIEMENS, id: SSA-087240

Trust: 2.6

db: BID, id: 100560

Trust: 2.0

db: ICS CERT, id: ICSA-17-243-02

Trust: 1.7

db: CNNVD, id: CNNVD-201708-1272

Trust: 0.9

db: CNVD, id: CNVD-2017-24122

Trust: 0.8

db: JVNDB, id: JVNDB-2017-008020

Trust: 0.8

db: IVD, id: 8D7FABCF-0E35-4716-A6E6-04E8B861BFD7

Trust: 0.2

db: VULHUB, id: VHN-103286

Trust: 0.1

sources: IVD: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7 // CNVD: CNVD-2017-24122 // VULHUB: VHN-103286 // BID: 100560 // JVNDB: JVNDB-2017-008020 // CNNVD: CNNVD-201708-1272 // NVD: CVE-2017-12734

REFERENCES

url:http://www.securityfocus.com/bid/100560

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf

Trust: 1.7

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf

Trust: 1.5

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-02

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12734

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12734

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-17-243-02

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2017-24122 // VULHUB: VHN-103286 // BID: 100560 // JVNDB: JVNDB-2017-008020 // CNNVD: CNNVD-201708-1272 // NVD: CVE-2017-12734

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 100560

SOURCES

db: IVD, id: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7
db: CNVD, id: CNVD-2017-24122
db: VULHUB, id: VHN-103286
db: BID, id: 100560
db: JVNDB, id: JVNDB-2017-008020
db: CNNVD, id: CNNVD-201708-1272
db: NVD, id: CVE-2017-12734

LAST UPDATE DATE

2024-11-23T22:12:53.084000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-24122, date: 2017-08-31T00:00:00
db: VULHUB, id: VHN-103286, date: 2019-10-09T00:00:00
db: BID, id: 100560, date: 2017-08-30T00:00:00
db: JVNDB, id: JVNDB-2017-008020, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201708-1272, date: 2020-12-15T00:00:00
db: NVD, id: CVE-2017-12734, date: 2024-11-21T03:10:07.130

SOURCES RELEASE DATE

db: IVD, id: 8d7fabcf-0e35-4716-a6e6-04e8b861bfd7, date: 2017-08-31T00:00:00
db: CNVD, id: CNVD-2017-24122, date: 2017-08-31T00:00:00
db: VULHUB, id: VHN-103286, date: 2017-08-30T00:00:00
db: BID, id: 100560, date: 2017-08-30T00:00:00
db: JVNDB, id: JVNDB-2017-008020, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201708-1272, date: 2017-08-30T00:00:00
db: NVD, id: CVE-2017-12734, date: 2017-08-30T19:29:00.273