QID 591401

Date Published: 2023-04-03

QID 591401: Siemens Ruggedcom ROS, SCALANCE Improper Access Control Multiple Vulnerabilities (ICSA-17-271-01B, SSA-856721)

AFFECTED PRODUCTS
RUGGEDCOM ROS for RSL910 devices: All versions prior to ROS v5.0.1
RUGGEDCOM ROS for all other devices: All versions prior to ROS v4.3.4
SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions between v3.0 and v3.0.2
SCALANCE XR-500/XM-400: All versions between v6.1 and 6.1.1

QID Detection Logic:
This QID checks for the Vulnerable version of Siemens Ruggedcom ROS, SCALANCE using passive scanning.

Successful exploitation of this vulnerability could allow users of networks adjacent to the targeted device to perform unauthorized administrative actions.

CVSS V3 rated as Critical - 8.8 severity.

CVSS V2 rated as Medium - 5.8 severity.

Solution

Customers are advised to refer to CERT MITIGATIONS section icsa-17-271-01b or Siemens MITIGATIONS section SSA-856721 for affected packages and patching details.

Vendor References

ssa-856721 - cert-portal.siemens.com/productcert/pdf/ssa-856721.pdf

CVEs related to QID 591401

CVE-2017-12736 |

Software Advisories

Advisory ID	Software	Component	Link
icsa-17-271-01b			www.cisa.gov/news-events/ics-advisories/icsa-17-271-01b
ssa-856721			cert-portal.siemens.com/productcert/pdf/ssa-856721.pdf

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].