PT-2017-12674 · Siemens · Scalance Xm-400+4

Published: 2017-12-26 · Updated: 2025-08-12 · CVE-2017-12736

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RUGGEDCOM ROS for RSL910 devices versions prior to 5.0.1
RUGGEDCOM ROS for all other devices versions prior to 4.3.4
SCALANCE XB-200/XC-200/XP-200/XR300-WG versions 3.0 through 3.0.2 (excluding 3.0.2)
SCALANCE XR-500/XM-400 versions 6.1 through 6.1.1 (excluding 6.1.1)

Description

A vulnerability has been identified that potentially allows users to perform unauthorized administrative actions on affected devices. The Ruggedcom Discovery Protocol (RCDP) can still write to the device under certain conditions after initial configuration, posing a risk to devices on adjacent networks.

Recommendations

For RUGGEDCOM ROS for RSL910 devices versions prior to 5.0.1, update to version 5.0.1 or later.
For RUGGEDCOM ROS for all other devices versions prior to 4.3.4, update to version 4.3.4 or later.
For SCALANCE XB-200/XC-200/XP-200/XR300-WG versions 3.0 through 3.0.2 (excluding 3.0.2), update to version 3.0.2 or later.
For SCALANCE XR-500/XM-400 versions 6.1 through 6.1.1 (excluding 6.1.1), update to version 6.1.1 or later.
As a temporary workaround, consider restricting access to the RCDP to minimize the risk of exploitation.

Fix

Improper Initialization

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-12736

Affected Products

Ruggedcom Ros
Scalance X-200
Scalance Xm-400
Scalance Xr-500
Scalance Xr-300Wg