Improper authentication in Siemens OZW772 and Siemens OZW672 - CVE-2017-6873
Published: July 7, 2017
Vulnerability identifier: #VU7373
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-6873
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
Siemens OZW772
Siemens OZW672
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain data on the target system.
The weakness exists in the integrated web server on port 443/TCP due to improper authentication. A remote attacker can conduct a man-in-the-middle attack to read and manipulate data in TLS sessions.
Successful exploitation of the vulnerability results in information disclosure and modification.
How to mitigate CVE-2017-6873
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.