CVE-2017-12739

CRITICAL

Siemens SICAM RTUs SM-2556 COM Modules - RCE

Title source: llm

Description

An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.

References (2)

[Mitigation, Vendor Advisory] https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101884

Scores

CVSS v3 9.8

EPSS 0.0314

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (7)

n/a/Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi

siemens/sm-2556_firmware dnpi00

siemens/sm-2556_firmware enos00

siemens/sm-2556_firmware erac00

siemens/sm-2556_firmware eta2

siemens/sm-2556_firmware etls00

siemens/sm-2556_firmware modi00

Published Nov 15, 2017

Tracked Since Feb 18, 2026