Details of VAR-201708-1137

ID

VAR-201708-1137

CVE

CVE-2017-12735

TITLE

Siemens LOGO!8 BM Man-in-the-middle attack vulnerability

Trust: 0.8

sources: IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // CNVD: CNVD-2017-24121

DESCRIPTION

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. Siemens LOGO! The device contains an access control vulnerability.Information may be obtained and information may be altered. LOGO!8 is the 8th generation intelligent logic controller of Siemens. It is the NanoPLC in the Siemens PLC family. It simplifies the programming configuration, the integrated panel can display more content, and can be easily integrated efficiently through the integrated Ethernet interface. interconnected. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks

Trust: 2.7

sources: NVD: CVE-2017-12735 // JVNDB: JVNDB-2017-007570 // CNVD: CNVD-2017-24121 // BID: 100561 // IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // VULHUB: VHN-103287

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // CNVD: CNVD-2017-24121

AFFECTED PRODUCTS

vendor:	siemens	model:	logo\! 8 bm	scope:	lt	version:	8.3	Trust: 1.0
vendor:	siemens	model:	logo! 8 bm	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	logo!8 bm	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	logo\!8 bm	scope:	eq	version:	-	Trust: 0.6
vendor:	siemens	model:	logo!8 bm fs-05	scope:	eq	version:	0	Trust: 0.3
vendor:	logo 8 bm	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // CNVD: CNVD-2017-24121 // BID: 100561 // JVNDB: JVNDB-2017-007570 // CNNVD: CNNVD-201708-1271 // NVD: CVE-2017-12735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12735
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12735
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-24121
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-1271
value:	HIGH
Trust: 0.6
IVD:	29fab2f5-9e11-4346-ac56-489f82c76976
value:	HIGH
Trust: 0.2
VULHUB:	VHN-103287
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12735
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-24121
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	29fab2f5-9e11-4346-ac56-489f82c76976
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-103287
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12735
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2017-12735
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // CNVD: CNVD-2017-24121 // VULHUB: VHN-103287 // JVNDB: JVNDB-2017-007570 // CNNVD: CNNVD-201708-1271 // NVD: CVE-2017-12735

PROBLEMTYPE DATA

problemtype:	CWE-300	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-103287 // JVNDB: JVNDB-2017-007570 // NVD: CVE-2017-12735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1271

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201708-1271

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007570

PATCH

title:	SSA-087240	url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf	Trust: 0.8
title:	Siemens LOGO!8 BM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74459	Trust: 0.6

sources: JVNDB: JVNDB-2017-007570 // CNNVD: CNNVD-201708-1271

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12735	Trust: 3.6
db:	SIEMENS	id:	SSA-087240	Trust: 2.6
db:	BID	id:	100561	Trust: 2.0
db:	ICS CERT	id:	ICSA-17-243-02	Trust: 1.7
db:	CNNVD	id:	CNNVD-201708-1271	Trust: 0.9
db:	CNVD	id:	CNVD-2017-24121	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007570	Trust: 0.8
db:	IVD	id:	29FAB2F5-9E11-4346-AC56-489F82C76976	Trust: 0.2
db:	VULHUB	id:	VHN-103287	Trust: 0.1

sources: IVD: 29fab2f5-9e11-4346-ac56-489f82c76976 // CNVD: CNVD-2017-24121 // VULHUB: VHN-103287 // BID: 100561 // JVNDB: JVNDB-2017-007570 // CNNVD: CNNVD-201708-1271 // NVD: CVE-2017-12735

REFERENCES

url:	http://www.securityfocus.com/bid/100561	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf	Trust: 1.7
url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-087240.pdf	Trust: 1.5
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-243-02	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12735	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12735	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-17-243-02	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2017-24121 // VULHUB: VHN-103287 // BID: 100561 // JVNDB: JVNDB-2017-007570 // CNNVD: CNNVD-201708-1271 // NVD: CVE-2017-12735

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 100561

SOURCES

db:	IVD	id:	29fab2f5-9e11-4346-ac56-489f82c76976
db:	CNVD	id:	CNVD-2017-24121
db:	VULHUB	id:	VHN-103287
db:	BID	id:	100561
db:	JVNDB	id:	JVNDB-2017-007570
db:	CNNVD	id:	CNNVD-201708-1271
db:	NVD	id:	CVE-2017-12735

LAST UPDATE DATE

2024-11-23T22:12:53.124000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-24121	date:	2017-08-31T00:00:00
db:	VULHUB	id:	VHN-103287	date:	2019-10-09T00:00:00
db:	BID	id:	100561	date:	2017-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-007570	date:	2017-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-1271	date:	2020-12-31T00:00:00
db:	NVD	id:	CVE-2017-12735	date:	2024-11-21T03:10:07.250

SOURCES RELEASE DATE

db:	IVD	id:	29fab2f5-9e11-4346-ac56-489f82c76976	date:	2017-08-31T00:00:00
db:	CNVD	id:	CNVD-2017-24121	date:	2017-08-31T00:00:00
db:	VULHUB	id:	VHN-103287	date:	2017-08-30T00:00:00
db:	BID	id:	100561	date:	2017-08-30T00:00:00
db:	JVNDB	id:	JVNDB-2017-007570	date:	2017-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-1271	date:	2017-08-30T00:00:00
db:	NVD	id:	CVE-2017-12735	date:	2017-08-30T19:29:00.320