CVE-2017-12736
high
CVSS v3: 8.8
CVSS v2: 5.8
VIR risk: 8.8
Description
After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.
Predictions
Exploit likelihood: 82%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: productcert@siemens.com — https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
References
- http://www.securityfocus.com/bid/101041
- http://www.securitytracker.com/id/1039463
- http://www.securitytracker.com/id/1039464
- https://cert-portal.siemens.com/productcert/html/ssa-856721.html
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
CWEs
CWE-1188 CWE-665