PT-2017-3222 · Embedthis+1 · Goahead Web Server+1
Published: 2017-11-14 · Updated: 2019-10-03
CVE-2017-12739
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00
Description
The issue is related to the integrated web server of the affected devices, which could allow unauthenticated remote attackers to execute arbitrary code on the device. This is due to insufficient access control in the GoAhead web server of the COM module.
Recommendations
For Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00, consider restricting access to the integrated web server on port 80/tcp until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Goahead Web Server
Siemens Sicam Rtus Sm-2556 Com Modules