CVE-2017-12736

CWE-1188 CWE-665 CWE-20 — Improper Input Validation3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 35.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

222

Siemens Ruggedcom I800 Siemens Ruggedcom I800nc Siemens Ruggedcom I801 +219 more

Timeline

PublishedDec 26

Latest updateMay 13

Description

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages222 packages

▶NVDsiemens/ruggedcom_ros< 5.0.1+1

▶CVEListV5siemens/ruggedcom_i800< V4.3.4

▶CVEListV5siemens/ruggedcom_i801< V4.3.4

▶CVEListV5siemens/ruggedcom_i802< V4.3.4

▶CVEListV5siemens/ruggedcom_i803< V4.3.4

🔴Vulnerability Details

GHSA

GHSA-wjv4-g95p-rg69: A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5↗2022-05-13

▶

CVEList

CVE-2017-12736: After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions↗2017-12-26

▶