PT-2017-12675 · Siemens · Sicam Rtus Sm-2556 Com Modules

Published

2017-11-15

Updated

2017-11-30

CVE-2017-12737

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00

Description An issue was discovered that could allow unauthenticated remote attackers to obtain sensitive device information over the network through the integrated web server on port 80/tcp.

Recommendations For Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00, restrict access to the integrated web server on port 80/tcp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-12737

Affected Products

Sicam Rtus Sm-2556 Com Modules

PT-2017-12675 · Siemens · Sicam Rtus Sm-2556 Com Modules

CVE-2017-12737

Weakness Enumeration

Related Identifiers

Affected Products

References · 4