Details of VAR-201712-0701

ID

VAR-201712-0701

CVE

CVE-2017-12736

TITLE

plural Siemens Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-011797

DESCRIPTION

A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions. plural Siemens The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens RuggedCom ROS is a ROX-based device for connecting devices in harsh environments, such as substations, traffic management chassis, etc. The SCALANCE XB-200 is an industrial Ethernet switch. Siemens Ruggedcom ROS and SCALANCE are not authorized to exploit the vulnerability. Multiple Siemens Products are prone to a remote security bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. RUGGEDCOM ROS prior to 4.3.4 for all other devices. SCALANCE XB-200/XC-200/XP-200/XR300-WG 3.0 and later. SCALANCE XR-500/XM-400 6.1 and later

Trust: 2.61

sources: NVD: CVE-2017-12736 // JVNDB: JVNDB-2017-011797 // CNVD: CNVD-2017-28656 // BID: 101041 // IVD: 8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b // CNVD: CNVD-2017-28656

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom ros	scope:	lt	version:	4.3.4	Trust: 1.6
vendor:	siemens	model:	scalance xc-200	scope:	gte	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance xr-500	scope:	gte	version:	6.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros	scope:	lt	version:	5.0.1	Trust: 1.0
vendor:	siemens	model:	scalance xp-200	scope:	gte	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance xr300-wg	scope:	gte	version:	3.0	Trust: 1.0
vendor:	siemens	model:	scalance xm-400	scope:	gte	version:	6.1	Trust: 1.0
vendor:	siemens	model:	scalance xb-200	scope:	gte	version:	3.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom ros	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xb-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xc-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xm400	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xp-200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xr-300-wg	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	scalance xr500	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	ruggedcom ros for rsl910	scope:	lt	version:	5.0.1	Trust: 0.6
vendor:	siemens	model:	scalance xb-200	scope:	gt	version:	3.0	Trust: 0.6
vendor:	siemens	model:	scalance xc-200	scope:	gt	version:	3.0	Trust: 0.6
vendor:	siemens	model:	scalance xp-200	scope:	gt	version:	3.0	Trust: 0.6
vendor:	siemens	model:	scalance xr300-wg	scope:	gt	version:	3.0	Trust: 0.6
vendor:	siemens	model:	scalance xr-500	scope:	gt	version:	6.1	Trust: 0.6
vendor:	siemens	model:	scalance xm-400	scope:	gt	version:	6.1	Trust: 0.6
vendor:	ruggedcom ros	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	siemens	model:	scalance xr300-wg	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	scalance xr-500	scope:	eq	version:	6.1	Trust: 0.3
vendor:	siemens	model:	scalance xp-200	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	scalance xm-400	scope:	eq	version:	6.1	Trust: 0.3
vendor:	siemens	model:	scalance xc-200	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	scalance xb-200	scope:	eq	version:	3.0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.2.1	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	5.0.0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.3.3	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.2.0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	eq	version:	4.1.0	Trust: 0.3
vendor:	siemens	model:	rsl910	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	ne	version:	5.0.1	Trust: 0.3
vendor:	siemens	model:	ruggedcom ros	scope:	ne	version:	4.3.4	Trust: 0.3
vendor:	scalance xb 200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance xc 200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance xp 200	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance xr300 wg	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance xr 500	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	scalance xm 400	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b // CNVD: CNVD-2017-28656 // BID: 101041 // JVNDB: JVNDB-2017-011797 // NVD: CVE-2017-12736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12736
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12736
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-28656
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-1396
value:	HIGH
Trust: 0.6
IVD:	8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-12736
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-28656
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-12736
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b // CNVD: CNVD-2017-28656 // JVNDB: JVNDB-2017-011797 // CNNVD: CNNVD-201709-1396 // NVD: CVE-2017-12736

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2017-011797 // NVD: CVE-2017-12736

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-1396

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201709-1396

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011797

PATCH

title:	SSA-856721	url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf	Trust: 0.8
title:	Siemens Ruggedcom ROS and SCALANCE Unauthorized Patch for Operational Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/103044	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75254	Trust: 0.6

sources: CNVD: CNVD-2017-28656 // JVNDB: JVNDB-2017-011797 // CNNVD: CNNVD-201709-1396

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12736	Trust: 3.5
db:	SIEMENS	id:	SSA-856721	Trust: 2.5
db:	BID	id:	101041	Trust: 1.9
db:	SECTRACK	id:	1039464	Trust: 1.6
db:	SECTRACK	id:	1039463	Trust: 1.6
db:	CNVD	id:	CNVD-2017-28656	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1396	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-271-01B	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011797	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-271-01	Trust: 0.6
db:	IVD	id:	8E5E8CB8-D4EE-4AD5-9084-3BF21BBBDB6B	Trust: 0.2

sources: IVD: 8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b // CNVD: CNVD-2017-28656 // BID: 101041 // JVNDB: JVNDB-2017-011797 // CNNVD: CNNVD-201709-1396 // NVD: CVE-2017-12736

REFERENCES

url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf	Trust: 2.5
url:	http://www.securityfocus.com/bid/101041	Trust: 1.6
url:	http://www.securitytracker.com/id/1039463	Trust: 1.6
url:	http://www.securitytracker.com/id/1039464	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12736	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-271-01b	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12736	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-271-01	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2017-28656 // BID: 101041 // JVNDB: JVNDB-2017-011797 // CNNVD: CNNVD-201709-1396 // NVD: CVE-2017-12736

CREDITS

Siemens

Trust: 0.9

sources: BID: 101041 // CNNVD: CNNVD-201709-1396

SOURCES

db:	IVD	id:	8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b
db:	CNVD	id:	CNVD-2017-28656
db:	BID	id:	101041
db:	JVNDB	id:	JVNDB-2017-011797
db:	CNNVD	id:	CNNVD-201709-1396
db:	NVD	id:	CVE-2017-12736

LAST UPDATE DATE

2024-08-14T15:39:24.583000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-28656	date:	2017-09-29T00:00:00
db:	BID	id:	101041	date:	2017-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-011797	date:	2018-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-1396	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-12736	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	IVD	id:	8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b	date:	2017-09-29T00:00:00
db:	CNVD	id:	CNVD-2017-28656	date:	2017-09-29T00:00:00
db:	BID	id:	101041	date:	2017-09-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-011797	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201709-1396	date:	2017-09-28T00:00:00
db:	NVD	id:	CVE-2017-12736	date:	2017-12-26T04:29:13.643