CVE-2017-6868

Sažetak

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.

Reference

http://www.securityfocus.com/bid/99234
http://www.securitytracker.com/id/1038788
https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

30-12-2017 - 02:29

Objavljeno

07-07-2017 - 17:29