CVE-2017-12736

HIGH

Ruggedcom - Privilege Escalation

Title source: llm

Description

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

References (5)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-856721.html

[Issue Tracking, Mitigation, Vendor Advisory] https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039463

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039464

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101041

Scores

CVSS v3 8.8

EPSS 0.0047

EPSS Percentile 64.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-665 CWE-1188

Status published

Products (50)

Siemens/RUGGEDCOM i800 < V4.3.4

Siemens/RUGGEDCOM i800NC < V4.3.4

Siemens/RUGGEDCOM i801 < V4.3.4

Siemens/RUGGEDCOM i801NC < V4.3.4

Siemens/RUGGEDCOM i802 < V4.3.4

Siemens/RUGGEDCOM i802NC < V4.3.4

Siemens/RUGGEDCOM i803 < V4.3.4

Siemens/RUGGEDCOM i803NC < V4.3.4

Siemens/RUGGEDCOM M2100 < V4.3.4

Siemens/RUGGEDCOM M2100NC < V4.3.4

... and 40 more

Published Dec 26, 2017

Tracked Since Feb 18, 2026