RCE in Siemens Ruggedcom
CVE-2017-12736
After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthori…
EPSS: 0.005 (65.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Siemens Ruggedcom
- Siemens Ruggedcom I800 — versions 0
- Siemens Ruggedcom I800nc — versions 0
- Siemens Ruggedcom I801 — versions 0
- Siemens Ruggedcom I801nc — versions 0
- Siemens Ruggedcom I802 — versions 0
- Siemens Ruggedcom I802nc — versions 0
- Siemens Ruggedcom I803 — versions 0
- Siemens Ruggedcom I803nc — versions 0
- Siemens Ruggedcom M2100 — versions 0
Weakness classification (CWE)
References
- productcert@siemens.com (x_refsource_CONFIRM, Mitigation, Issue Tracking, Vendor Advisory)
- productcert@siemens.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- productcert@siemens.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- productcert@siemens.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- productcert@siemens.com
Frequently asked questions
- What is CVE-2017-12736?
- CVE-2017-12736 is a high-severity vulnerability in Siemens Ruggedcom, classified under Initialization of a Resource with an Insecure Default. CVSS score: 8.8/10. Published 2017-12-26.
- How severe is CVE-2017-12736?
- High severity. CVSS v3 base score is 8.8 out of 10.