CVE-2017-12735
published 2017-08-30CVE-2017-12735: A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between…
PriorityP337high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
EPSS
1.13%
62.2th percentile
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | logo!_8_bm | — | — |
| siemens | logo_!_8_bm_firmware | < 8.3 | 8.3 |
| vim | vim | >= 0 < 2:7.4.1689-3ubuntu1.3 | 2:7.4.1689-3ubuntu1.3 |
| vim | vim | >= 0 < 2:8.0.1453-1ubuntu1.1 | 2:8.0.1453-1ubuntu1.1 |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens LOGO! (Update A)
cisa_ics·2017-08-31·CVSS 7.5
[HIGH] Siemens LOGO! (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens LOGO! (Update A)
Last RevisedDecember 08, 2020
Alert CodeICSA-17-243-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: LOGO!
- Vulnerabilities: Insufficiently Protected Credentials, Man-in-the-Middle
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-17-243-02 Siemens LOGO! that was published August 31, 2017, on the ICS webpage on us-cert.cisa.gov.
## 3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an a
GHSA
GHSA-qxg4-m824-m377: A vulnerability has been identified in LOGO! 8 BM (incl
ghsa_unreviewed·2022-05-13
CVE-2017-12735 [HIGH] CWE-300 GHSA-qxg4-m824-m377: A vulnerability has been identified in LOGO! 8 BM (incl
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.
OSV
vim vulnerabilities
osv·2019-06-11·CVSS 9.8
CVE-2017-5953 vim vulnerabilities
vim vulnerabilities
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 16.04 LTS. (CVE-2017-5953)
It was discovered that Vim incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12735)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-08-30
Published