CVE-2017-12736
HIGH
Siemens SCALANCE and RUGGEDCOM - Unauthenticated Unauthorized Administrative Access via RCDP
Title source: llm
Description
After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.
References (5)
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-856721.html
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039463
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039464
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101041
Scores
CVSS v3
8.8
EPSS
0.0100
EPSS Percentile
58.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-1188
CWE-665
Status
published
Products (50)
Siemens/RUGGEDCOM i800
< V4.3.4
Siemens/RUGGEDCOM i800NC
< V4.3.4
Siemens/RUGGEDCOM i801
< V4.3.4
Siemens/RUGGEDCOM i801NC
< V4.3.4
Siemens/RUGGEDCOM i802
< V4.3.4
Siemens/RUGGEDCOM i802NC
< V4.3.4
Siemens/RUGGEDCOM i803
< V4.3.4
Siemens/RUGGEDCOM i803NC
< V4.3.4
Siemens/RUGGEDCOM M2100
< V4.3.4
Siemens/RUGGEDCOM M2100NC
< V4.3.4
... and 40 more
Published
Dec 26, 2017
Tracked Since
Feb 18, 2026