CVE-2017-12737

Name of the Vulnerable Software and Affected Versions Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00

Description An issue was discovered that could allow unauthenticated remote attackers to obtain sensitive device information over the network through the integrated web server on port 80/tcp.

Recommendations For Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00, restrict access to the integrated web server on port 80/tcp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.