PT-2017-17383 · Siemens · Simatic Cp 44X-1 Rna
Published: 2017-07-07 · Updated: 2017-12-30 · CVE-2017-6868
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Siemens SIMATIC CP 44x-1 RNA versions prior to 1.4.1
Description
An improper authentication issue was found that allows an unauthenticated remote attacker to perform administrative actions on the Communication Processor (CP) of the RNA series module. This is possible if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.
Recommendations
For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider restricting network access to Port 102/TCP and ensuring the configuration file for the CP is not stored on the RNA's CPU to minimize the risk of exploitation.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Cp 44X-1 Rna