CVE-2017-12822
CRITICAL
Sentinel LDK RTE < 7.55 - Unauthenticated Admin Interface Enabling and Disabling
Title source: llm
Description
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
References (4)
Core References
Third Party Advisory x_refsource_misc
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102906
Scores
CVSS v3
9.9
EPSS
0.0117
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Details
CWE
CWE-306
Status
published
Products (2)
Gemalto/Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE
7.55
sentinel/sentinel_ldk_rte_firmware
< 7.50
Published
Oct 04, 2017
Tracked Since
Feb 18, 2026