CVE-2017-2682

Name of the Vulnerable Software and Affected Versions Siemens RUGGEDCOM NMS versions prior to V1.2

Description The issue allows a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack. This could potentially enable an attacker to execute administrative operations if the targeted user has an active session and is induced to trigger a malicious request.

Recommendations For versions prior to V1.2, update to version V1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web application on port 8080/TCP and 8081/TCP to minimize the risk of exploitation.