Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for simatic_cp_44x-1_redundant_network_access_modules by siemens

    CVE-2017-6868 (GCVE-0-2017-6868)

    Vulnerability from nvd – Published: 2017-07-07 17:00 – Updated: 2024-08-05 15:41
    VLAI
    Summary
    An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Siemens SIMATIC CP 44x-1 Redundant Network Access Modules Affected: Siemens SIMATIC CP 44x-1 Redundant Network Access Modules
    Date Public
    2017-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99234",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99234"
              },
              {
                "name": "1038788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038788"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules"
                }
              ]
            }
          ],
          "datePublic": "2017-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA\u0027s CPU."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-29T04:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "99234",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99234"
            },
            {
              "name": "1038788",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038788"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA\u0027s CPU."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99234",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99234"
                },
                {
                  "name": "1038788",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038788"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
                },
                {
                  "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6868",
        "datePublished": "2017-07-07T17:00:00.000Z",
        "dateReserved": "2017-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:41:17.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6868 (GCVE-0-2017-6868)

    Vulnerability from cvelistv5 – Published: 2017-07-07 17:00 – Updated: 2024-08-05 15:41
    VLAI
    Summary
    An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Siemens SIMATIC CP 44x-1 Redundant Network Access Modules Affected: Siemens SIMATIC CP 44x-1 Redundant Network Access Modules
    Date Public
    2017-07-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:41:17.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99234",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99234"
              },
              {
                "name": "1038788",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038788"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules"
                }
              ]
            }
          ],
          "datePublic": "2017-07-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA\u0027s CPU."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-29T04:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "99234",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99234"
            },
            {
              "name": "1038788",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038788"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6868",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Siemens SIMATIC CP 44x-1 Redundant Network Access Modules"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA\u0027s CPU."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99234",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99234"
                },
                {
                  "name": "1038788",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038788"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01"
                },
                {
                  "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6868",
        "datePublished": "2017-07-07T17:00:00.000Z",
        "dateReserved": "2017-03-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:41:17.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }