Security restrictions bypass in RUGGEDCOM ROS and Scalance X Switches Firmware - CVE-2017-12736
Published: October 4, 2017
Vulnerability identifier: #VU8670
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12736
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
RUGGEDCOM ROS
Scalance X Switches Firmware
RUGGEDCOM ROS
Scalance X Switches Firmware
Detailed vulnerability description
The vulnerability allows a adjacent attacker to bypass security restrictions on the target system.
The weakness exists due to improper access controls in the RCDP implementation that is used by Siemens Ruggedcom ROS-based devices and Siemens Scalance X switch models. An adjacent attacker on the same collision or broadcast domain as the target system can bypass security restrictions, gain unauthorized access and perform administrative actions.
The weakness exists due to improper access controls in the RCDP implementation that is used by Siemens Ruggedcom ROS-based devices and Siemens Scalance X switch models. An adjacent attacker on the same collision or broadcast domain as the target system can bypass security restrictions, gain unauthorized access and perform administrative actions.
How to mitigate CVE-2017-12736
Update RUGGEDCOM ROS to version 4.3.4 or 5.0.1.
Update Scalance X Switches Firmware to version 3.0 or 6.1.
Update Scalance X Switches Firmware to version 3.0 or 6.1.