SB2017070701 - Two vulnerabilities in Siemens OZW762 and OZW772
Published: July 7, 2017
Security Bulletin ID
SB2017070701
CSH Severity
Medium
Patch available
NO
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2017-6872)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain data on the target system.
The weakness exists due to improper authentication. A remote attacker with access to Port 21/TCP can access or alter historical measurement data stored on the device.
Successful exploitation of the vulnerability results in information disclosure and modification.
2) Improper authentication (CVE-ID: CVE-2017-6873)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to obtain data on the target system.
The weakness exists in the integrated web server on Port 443/TCP due to improper authentication. A remote attacker can conduct man-in-the-middle attack to read and manipulate data in TLS sessions.
Successful exploitation of the vulnerability results in information disclosure and modification.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.