Remote code execution in Siemens Viewport for Web Office Portal
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-6869 |
| CWE-ID | CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Viewport for Web Office Portal Client/Desktop applications / Other client software |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Remote code execution
EUVDB-ID: #VU7269
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6869
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The weakness exists due to improper input validation. A remote attacker can send specially crafted network packets to ports 443/TCP or 80/TCP and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may result in system compromise.
The vulnerability is addressed in software revision number 1453.
Vulnerable software versionsViewport for Web Office Portal: All versions
CPE2.3 External linkshttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
