PT-2017-19305 · Siemens · Siemens 7Kt Pac1200

Published

2017-12-26

Updated

2019-10-09

CVE-2017-9944

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Siemens 7KT PAC1200 data manager versions prior to V2.03

Description A vulnerability has been identified in the integrated web server of the affected devices, which could allow an unauthenticated remote attacker to perform administrative operations over the network. The issue affects the web server running on port 80/tcp.

Recommendations For versions prior to V2.03, update to version V2.03 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server on port 80/tcp to minimize the risk of exploitation.

Fix

Authentication Bypass Using an Alternate Path or Channel

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-269

Related Identifiers

CVE-2017-9944

Affected Products

Siemens 7Kt Pac1200

PT-2017-19305 · Siemens · Siemens 7Kt Pac1200

CVE-2017-9944

Weakness Enumeration

Related Identifiers

Affected Products

References · 4