Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12737 (GCVE-0-2017-12737)
Vulnerability from cvelistv5 – Published: 2017-11-15 08:00 – Updated: 2024-08-05 18:43
VLAI?
EPSS
Summary
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.
Severity ?
No CVSS data available.
CWE
- leak of sensitive device information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 |
Affected:
Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00
|
Date Public ?
2017-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"name": "101884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00"
}
]
}
],
"datePublic": "2017-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "leak of sensitive device information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-21T10:57:01.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"name": "101884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101884"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-12737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00",
"version": {
"version_data": [
{
"version_value": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak of sensitive device information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"name": "101884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101884"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-12737",
"datePublished": "2017-11-15T08:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-12737",
"date": "2026-04-20",
"epss": "0.00298",
"percentile": "0.53199"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-12737\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-11-15T08:29:00.220\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en los m\u00f3dulos SM-2556 COM de las unidades terminal remotas SICAM de Siemens con las variantes de firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00 y DNPi00. El servidor web integrado (puerto 80/tcp) de los dispositivos afectados podr\u00eda permitir que los atacantes remotos no autenticados obtengan informaci\u00f3n sensible del dispositivo a trav\u00e9s de la red.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:dnpi00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED5101E6-6539-4764-AA69-04F231B579F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:enos00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03424AF-2BF9-4F1D-98A2-A98D9D413ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:erac00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"407642BA-53E7-4D3E-8068-0817BB490953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:eta2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"972FB974-D711-475F-88F1-5617929D7319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:etls00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F5FF04-9652-464E-A7CB-490538BE26E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sm-2556_firmware:modi00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B8337D2-8A9C-4554-8B2C-808F59D7F35B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sm-2556:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7A2477-9462-47A8-A91F-8771F82B6615\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101884\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101884\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2017-12737
Vulnerability from fkie_nvd - Published: 2017-11-15 08:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | http://www.securityfocus.com/bid/101884 | Third Party Advisory, VDB Entry | |
| productcert@siemens.com | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101884 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | sm-2556_firmware | dnpi00 | |
| siemens | sm-2556_firmware | enos00 | |
| siemens | sm-2556_firmware | erac00 | |
| siemens | sm-2556_firmware | eta2 | |
| siemens | sm-2556_firmware | etls00 | |
| siemens | sm-2556_firmware | modi00 | |
| siemens | sm-2556 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:dnpi00:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5101E6-6539-4764-AA69-04F231B579F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:enos00:*:*:*:*:*:*:*",
"matchCriteriaId": "E03424AF-2BF9-4F1D-98A2-A98D9D413ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:erac00:*:*:*:*:*:*:*",
"matchCriteriaId": "407642BA-53E7-4D3E-8068-0817BB490953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:eta2:*:*:*:*:*:*:*",
"matchCriteriaId": "972FB974-D711-475F-88F1-5617929D7319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:etls00:*:*:*:*:*:*:*",
"matchCriteriaId": "80F5FF04-9652-464E-A7CB-490538BE26E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:sm-2556_firmware:modi00:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8337D2-8A9C-4554-8B2C-808F59D7F35B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:sm-2556:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7A2477-9462-47A8-A91F-8771F82B6615",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en los m\u00f3dulos SM-2556 COM de las unidades terminal remotas SICAM de Siemens con las variantes de firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00 y DNPi00. El servidor web integrado (puerto 80/tcp) de los dispositivos afectados podr\u00eda permitir que los atacantes remotos no autenticados obtengan informaci\u00f3n sensible del dispositivo a trav\u00e9s de la red."
}
],
"id": "CVE-2017-12737",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-15T08:29:00.220",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101884"
},
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2017-12737
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12737",
"description": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.",
"id": "GSD-2017-12737",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2017-12737"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12737"
],
"details": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.",
"id": "GSD-2017-12737",
"modified": "2023-12-13T01:21:03.238306Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-12737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00",
"version": {
"version_data": [
{
"version_value": "Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak of sensitive device information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"name": "101884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101884"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:enos00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:eta2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:etls00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:modi00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:dnpi00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:sm-2556_firmware:erac00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:sm-2556:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-12737"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"name": "101884",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101884"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2017-11-30T18:55Z",
"publishedDate": "2017-11-15T08:29Z"
}
}
}
GHSA-MP48-5296-PCMP
Vulnerability from github – Published: 2022-05-17 00:19 – Updated: 2022-05-17 00:19
VLAI?
Details
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.
Severity ?
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-12737"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-15T08:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.",
"id": "GHSA-mp48-5296-pcmp",
"modified": "2022-05-17T00:19:36Z",
"published": "2022-05-17T00:19:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12737"
},
{
"type": "WEB",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101884"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
VAR-201711-0759
Vulnerability from variot - Updated: 2025-04-20 23:25An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. The SM-2556 communication module is a protocol component for LAN/WAN communication with a Fast Ethernet interface that can be connected to the SICAM1703 and SICAMRTU substation controllers. Multiple Siemens SICAM RTU Products are prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, to execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Siemens SICAM RTUs is a substation controller of Siemens (Siemens) in Germany. SM-2556 COM Modules is used in one of the communication modules for LAN/WAN. Products using the following firmware are affected: ENOS00; ERAC00; ETA2; ETLS00; MODi00; DNPi00. SEC Consult Vulnerability Lab Security Advisory < 20171114-0 > ======================================================================= title: Authentication bypass, cross-site scripting & code execution product: Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00 vulnerable version: FW 1549 Revision 07 fixed version: none, see Workaround section below CVE number: CVE-2017-12737 (authentication bypass) CVE-2017-12738 (XSS) CVE-2017-12739 (web server) impact: critical homepage: www.siemens.com found: 2017-08-17 by: SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
https://www.sec-consult.com
=======================================================================
Vendor description:
"Siemens is a global powerhouse focusing on the areas of electrification, automation and digitalization. One of the world's largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of systems for power generation and transmission as well as medical diagnosis."
Source: https://www.siemens.com/global/en/home/company/about.html
Business recommendation:
SEC Consult recommends not to use this device in production until a thorough security review has been performed by security professionals and all identified issues have been resolved. The device must not be accessible from untrusted networks.
Vulnerability overview/description:
1) Authentication Bypass (client-side "authentication" enforcement) The web interface (TCP port 80) suffers from an authentication bypass vulnerability that allows unauthenticated attackers to access arbitray functionality and information (i.e. password lists) available through the webserver.
2) Reflected Cross-Site Scripting The web interface provides a "ping" functionality. This form is vulnerable to reflected cross-site-scripting because of missing input handling and output encoding.
3) Outdated Webserver (GoAhead) The used webserver version contains known weaknesses.
Proof of concept:
1) Authentication Bypass Use a browser which has JavaScript disabled ("Authentication" checks are performed client-side) and open legitimate URLs directly.
Examples: http:///start.asp http:///pwliste.asp http:///goform/webforms_readmem?start_addr=0&length=100
2) Reflected Cross-Site Scripting All parameters in "webforms_ping" are vulnerable to reflected XSS: http:///goform/webforms_ping?ip_address=1.1.1.com%3Cscript%3Ealert(%27XSS%20proof-of-concept%27)%3C/script%3E1&length_data=32&count_pings=4&timeout=1
3) Outdated Webserver The used version of "GoAhead" webserver is 2.1.7 (released in Oct. 2003) This version has known vulnerabilities:
http://aluigi.altervista.org/adv/goahead-adv3.txt https://web.archive.org/web/20080314153252/http:/data.goahead.com:80/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp
Vulnerable / tested versions:
SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and DNPi00 (FW 1549 Revision 07)
Vendor contact timeline:
2017-09-25: Encrypted advisory sent to Siemens ProductCERT 2017-10-02: Requesting status update. 2017-10-09: Vendor states that the "affected device is out of service" and provides workaround (disable webserver). They are "still assessing the next steps". 2017-11-02: Requesting status update. 2017-11-06: Siemens ProductCERT will reach out to development team and keep us posted. 2017-11-08: Siemens ProductCERT prepares advisory. 2017-11-08: Asking about planned release date. 2017-11-13: Siemens ProductCERT provides planned release date (2017-11-14) 2017-11-14: Coordinated public release.
Solution:
No firmware update is available as the device is no longer supported by the vendor.
Workaround:
According to the vendor the webserver can be disabled to mitigate all the vulnerabilities documented in this advisory. The webserver is optional and only used for commissioning and debugging purposes.
The vendor published the following document for further information: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf
Advisory URL:
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html
SEC Consult Vulnerability Lab
SEC Consult
Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow
Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html
Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com Web: https://www.sec-consult.com Twitter: https://twitter.com/sec_consult
EOF SEC Consult Vulnerability Lab / @2017
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0759",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "dnpi00"
},
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "enos00"
},
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "erac00"
},
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "eta2"
},
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "etls00"
},
{
"model": "sm-2556",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "modi00"
},
{
"model": "sicam rtus sm-2556 com modules",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules modi00",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules etls00",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules eta2",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules erac00",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules enos00",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "sicam rtus sm-2556 com modules dnpi00",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "dnpi00",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
},
{
"model": "enos00",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
},
{
"model": "erac00",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
},
{
"model": "eta2",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
},
{
"model": "etls00",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
},
{
"model": "modi00",
"scope": null,
"trust": 0.2,
"vendor": "sm 2556",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "BID",
"id": "101884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:sm-2556_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SEC Consult Vulnerability Lab.",
"sources": [
{
"db": "BID",
"id": "101884"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12737",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12737",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33869",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-103289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12737",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12737",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12737",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33869",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103289",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. The SM-2556 communication module is a protocol component for LAN/WAN communication with a Fast Ethernet interface that can be connected to the SICAM1703 and SICAMRTU substation controllers. Multiple Siemens SICAM RTU Products are prone to multiple security vulnerabilities. \nAttackers can exploit these issues to obtain sensitive information, to execute arbitrary code or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Siemens SICAM RTUs is a substation controller of Siemens (Siemens) in Germany. SM-2556 COM Modules is used in one of the communication modules for LAN/WAN. Products using the following firmware are affected: ENOS00; ERAC00; ETA2; ETLS00; MODi00; DNPi00. SEC Consult Vulnerability Lab Security Advisory \u003c 20171114-0 \u003e\n=======================================================================\n title: Authentication bypass, cross-site scripting \u0026 code\n execution\n product: Siemens SICAM RTUs SM-2556 COM Modules\n (firmware variants ENOS00, ERAC00, ETA2, ETLS00,\n MODi00 and DNPi00\n vulnerable version: FW 1549 Revision 07\n fixed version: none, see Workaround section below\n CVE number: CVE-2017-12737 (authentication bypass)\n CVE-2017-12738 (XSS)\n CVE-2017-12739 (web server)\n impact: critical\n homepage: www.siemens.com\n found: 2017-08-17\n by: SEC Consult Vulnerability Lab\n\n An integrated part of SEC Consult\n Bangkok - Berlin - Linz - Luxembourg - Montreal - Moscow\n Kuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich\n\n https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Siemens is a global powerhouse focusing on the areas of electrification,\nautomation and digitalization. One of the world\u0027s largest producers of\nenergy-efficient, resource-saving technologies, Siemens is a leading supplier\nof systems for power generation and transmission as well as medical diagnosis.\"\n\nSource: https://www.siemens.com/global/en/home/company/about.html\n\n\nBusiness recommendation:\n------------------------\nSEC Consult recommends not to use this device in production until a thorough\nsecurity review has been performed by security professionals and all\nidentified issues have been resolved. The device must not be accessible from\nuntrusted networks. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Authentication Bypass (client-side \"authentication\" enforcement)\nThe web interface (TCP port 80) suffers from an authentication bypass\nvulnerability that allows unauthenticated attackers to access arbitray\nfunctionality and information (i.e. password lists) available through\nthe webserver. \n\n\n2) Reflected Cross-Site Scripting\nThe web interface provides a \"ping\" functionality. This form is\nvulnerable to reflected cross-site-scripting because of missing input\nhandling and output encoding. \n\n\n3) Outdated Webserver (GoAhead)\nThe used webserver version contains known weaknesses. \n\n\nProof of concept:\n-----------------\n1) Authentication Bypass\nUse a browser which has JavaScript disabled (\"Authentication\" checks are\nperformed client-side) and open legitimate URLs directly. \n\nExamples:\nhttp://\u003chostname\u003e/start.asp\nhttp://\u003chostname\u003e/pwliste.asp\nhttp://\u003chostname\u003e/goform/webforms_readmem?start_addr=0\u0026length=100\n\n\n2) Reflected Cross-Site Scripting\nAll parameters in \"webforms_ping\" are vulnerable to reflected XSS:\nhttp://\u003chostname\u003e/goform/webforms_ping?ip_address=1.1.1.com%3Cscript%3Ealert(%27XSS%20proof-of-concept%27)%3C/script%3E1\u0026length_data=32\u0026count_pings=4\u0026timeout=1\n\n\n3) Outdated Webserver\nThe used version of \"GoAhead\" webserver is 2.1.7 (released in Oct. 2003)\nThis version has known vulnerabilities:\n\nhttp://aluigi.altervista.org/adv/goahead-adv3.txt\nhttps://web.archive.org/web/20080314153252/http:/data.goahead.com:80/Software/Webserver/2.1.8/release.htm#bug-with-urls-like-asp\n\n\n\nVulnerable / tested versions:\n-----------------------------\nSM-2556 COM Modules with the firmware variants ENOS00, ERAC00,\nETA2, ETLS00, MODi00 and DNPi00\n(FW 1549 Revision 07)\n\n\nVendor contact timeline:\n------------------------\n2017-09-25: Encrypted advisory sent to Siemens ProductCERT\n2017-10-02: Requesting status update. \n2017-10-09: Vendor states that the \"affected device is out of service\"\n and provides workaround (disable webserver). They are\n \"still assessing the next steps\". \n2017-11-02: Requesting status update. \n2017-11-06: Siemens ProductCERT will reach out to development team and keep us\n posted. \n2017-11-08: Siemens ProductCERT prepares advisory. \n2017-11-08: Asking about planned release date. \n2017-11-13: Siemens ProductCERT provides planned release date (2017-11-14)\n2017-11-14: Coordinated public release. \n\n\nSolution:\n---------\nNo firmware update is available as the device is no longer supported by\nthe vendor. \n\n\nWorkaround:\n-----------\nAccording to the vendor the webserver can be disabled to mitigate all\nthe vulnerabilities documented in this advisory. \nThe webserver is optional and only used for commissioning and debugging\npurposes. \n\nThe vendor published the following document for further information:\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf\n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nBangkok - Berlin - Linz - Luxembourg - Montreal - Moscow\nKuala Lumpur - Singapore - Vienna (HQ) - Vilnius - Zurich\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\n\nEOF SEC Consult Vulnerability Lab / @2017\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12737"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "BID",
"id": "101884"
},
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "PACKETSTORM",
"id": "144982"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12737",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-164516",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-320-02",
"trust": 1.7
},
{
"db": "BID",
"id": "101884",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33869",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178",
"trust": 0.8
},
{
"db": "IVD",
"id": "0A156D51-9C78-4879-AE59-6F5C635E9965",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144982",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103289",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "BID",
"id": "101884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "PACKETSTORM",
"id": "144982"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"id": "VAR-201711-0759",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "VULHUB",
"id": "VHN-103289"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
}
]
},
"last_update_date": "2025-04-20T23:25:54.496000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-164516",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"title": "SICAMRTUSM-2556COM module information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/106364"
},
{
"title": "Siemens SICAM RTUs SM-2556 COM Modules Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76397"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-320-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101884"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12737"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12737"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12738"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"trust": 0.1,
"url": "http://\u003chostname\u003e/goform/webforms_ping?ip_address=1.1.1.com%3cscript%3ealert(%27xss%20proof-of-concept%27)%3c/script%3e1\u0026length_data=32\u0026count_pings=4\u0026timeout=1"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/career/index.html"
},
{
"trust": 0.1,
"url": "http://\u003chostname\u003e/goform/webforms_readmem?start_addr=0\u0026length=100"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12739"
},
{
"trust": 0.1,
"url": "https://web.archive.org/web/20080314153252/http:/data.goahead.com:80/software/webserver/2.1.8/release.htm#bug-with-urls-like-asp"
},
{
"trust": 0.1,
"url": "https://www.sec-consult.com/en/contact/index.html"
},
{
"trust": 0.1,
"url": "https://twitter.com/sec_consult"
},
{
"trust": 0.1,
"url": "https://www.siemens.com/global/en/home/company/about.html"
},
{
"trust": 0.1,
"url": "http://aluigi.altervista.org/adv/goahead-adv3.txt"
},
{
"trust": 0.1,
"url": "http://\u003chostname\u003e/pwliste.asp"
},
{
"trust": 0.1,
"url": "http://\u003chostname\u003e/start.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "BID",
"id": "101884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "PACKETSTORM",
"id": "144982"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"db": "VULHUB",
"id": "VHN-103289"
},
{
"db": "BID",
"id": "101884"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"db": "PACKETSTORM",
"id": "144982"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"date": "2017-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-103289"
},
{
"date": "2017-11-14T00:00:00",
"db": "BID",
"id": "101884"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"date": "2017-11-14T15:17:47",
"db": "PACKETSTORM",
"id": "144982"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"date": "2017-11-15T08:29:00.220000",
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33869"
},
{
"date": "2017-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-103289"
},
{
"date": "2017-12-19T22:37:00",
"db": "BID",
"id": "101884"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010178"
},
{
"date": "2017-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-558"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12737"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SICAM RTU SM-2556 COM Module Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "0a156d51-9c78-4879-ae59-6f5c635e9965"
},
{
"db": "CNVD",
"id": "CNVD-2017-33869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-558"
}
],
"trust": 0.6
}
}
CNVD-2017-33869
Vulnerability from cnvd - Published: 2017-11-15
VLAI Severity ?
Title
SICAM RTU SM-2556 COM模块信息泄露漏洞
Description
SM-2556通信模块是具有快速以太网接口的LAN / WAN通信的协议元件,可以连接到SICAM 1703和SICAM RTU变电站控制器。
SICAM RTU SM-2556 COM模块存在信息泄露漏洞,允许未经身份验证的远程攻击者通过网络获取敏感设备信息。
Severity
中
Patch Name
SICAM RTU SM-2556 COM模块信息泄露漏洞的补丁
Patch Description
SM-2556通信模块是具有快速以太网接口的LAN / WAN通信的协议元件,可以连接到SICAM 1703和SICAM RTU变电站控制器。
SICAM RTU SM-2556 COM模块存在信息泄露漏洞,允许未经身份验证的远程攻击者通过网络获取敏感设备信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
对于正在使用已停产的ETA2,MODi00或DNPi00固件的用户,西门子建议用户升级到ETA4,在SM-2556模块上分别使用MBSiA0或DNPiA1固件: http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx
Reference
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-17-320-02
Impacted products
| Name | Siemens SICAM RTUs SM-2556 COM Modules |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12737"
}
},
"description": "SM-2556\u901a\u4fe1\u6a21\u5757\u662f\u5177\u6709\u5feb\u901f\u4ee5\u592a\u7f51\u63a5\u53e3\u7684LAN / WAN\u901a\u4fe1\u7684\u534f\u8bae\u5143\u4ef6\uff0c\u53ef\u4ee5\u8fde\u63a5\u5230SICAM 1703\u548cSICAM RTU\u53d8\u7535\u7ad9\u63a7\u5236\u5668\u3002\r\n\r\nSICAM RTU SM-2556 COM\u6a21\u5757\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u7f51\u7edc\u83b7\u53d6\u654f\u611f\u8bbe\u5907\u4fe1\u606f\u3002",
"discovererName": "the SEC Consult Vulnerability Lab",
"formalWay": "\u5bf9\u4e8e\u6b63\u5728\u4f7f\u7528\u5df2\u505c\u4ea7\u7684ETA2\uff0cMODi00\u6216DNPi00\u56fa\u4ef6\u7684\u7528\u6237\uff0c\u897f\u95e8\u5b50\u5efa\u8bae\u7528\u6237\u5347\u7ea7\u5230ETA4\uff0c\u5728SM-2556\u6a21\u5757\u4e0a\u5206\u522b\u4f7f\u7528MBSiA0\u6216DNPiA1\u56fa\u4ef6\uff1a\r\nhttp://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33869",
"openTime": "2017-11-15",
"patchDescription": "SM-2556\u901a\u4fe1\u6a21\u5757\u662f\u5177\u6709\u5feb\u901f\u4ee5\u592a\u7f51\u63a5\u53e3\u7684LAN / WAN\u901a\u4fe1\u7684\u534f\u8bae\u5143\u4ef6\uff0c\u53ef\u4ee5\u8fde\u63a5\u5230SICAM 1703\u548cSICAM RTU\u53d8\u7535\u7ad9\u63a7\u5236\u5668\u3002\r\n\r\nSICAM RTU SM-2556 COM\u6a21\u5757\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u7f51\u7edc\u83b7\u53d6\u654f\u611f\u8bbe\u5907\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SICAM RTU SM-2556 COM\u6a21\u5757\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Siemens SICAM RTUs SM-2556 COM Modules"
},
"referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdf\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-320-02",
"serverity": "\u4e2d",
"submitTime": "2017-11-15",
"title": "SICAM RTU SM-2556 COM\u6a21\u5757\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
ICSA-17-320-02
Vulnerability from csaf_cisa - Published: 2017-11-16 00:00 - Updated: 2017-11-16 00:00Summary
Siemens SICAM
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.
Critical infrastructure sectors: Energy
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Recommended Practices: Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
5.3 (Medium)
Vendor Fix
As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.
Vendor Fix
For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:
Vendor Fix
http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx
http://w3.siemens.com/smartgrid/global/en/product…
Vendor Fix
Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens ' Operational Guidelines for Industrial Security:
Vendor Fix
https://www.siemens.com/cert/operational-guidelines-industrial-security
https://www.siemens.com/cert/operational-guidelin…
Vendor Fix
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:
Vendor Fix
http://www.siemens.com/cert/advisories
http://www.siemens.com/cert/advisories
6.1 (Medium)
Vendor Fix
As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.
Vendor Fix
For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:
Vendor Fix
http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx
http://w3.siemens.com/smartgrid/global/en/product…
Vendor Fix
Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens ' Operational Guidelines for Industrial Security:
Vendor Fix
https://www.siemens.com/cert/operational-guidelines-industrial-security
https://www.siemens.com/cert/operational-guidelin…
Vendor Fix
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:
Vendor Fix
http://www.siemens.com/cert/advisories
http://www.siemens.com/cert/advisories
9.8 (Critical)
Vendor Fix
As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.
Vendor Fix
For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:
Vendor Fix
http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx
http://w3.siemens.com/smartgrid/global/en/product…
Vendor Fix
Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens ' Operational Guidelines for Industrial Security:
Vendor Fix
https://www.siemens.com/cert/operational-guidelines-industrial-security
https://www.siemens.com/cert/operational-guidelin…
Vendor Fix
For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:
Vendor Fix
http://www.siemens.com/cert/advisories
http://www.siemens.com/cert/advisories
References
Acknowledgments
SEC Consult Vulnerability Lab
{
"document": {
"acknowledgments": [
{
"organization": "SEC Consult Vulnerability Lab",
"summary": "reporting these vulnerabilities directly to Siemens"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-17-320-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-320-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-17-320-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-320-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
}
],
"title": "Siemens SICAM",
"tracking": {
"current_release_date": "2017-11-16T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-17-320-02",
"initial_release_date": "2017-11-16T00:00:00.000000Z",
"revision_history": [
{
"date": "2017-11-16T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-17-320-02 Siemens SICAM"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vers:all/*",
"product": {
"name": "SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00 ERAC00 ETA2 ETLS00 MODi00 DNPi00: All versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00 ERAC00 ETA2 ETLS00 MODi00 DNPi00"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-12737",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The integrated web server (Port 80/TCP) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.CVE-2017-12737 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx"
},
{
"category": "vendor_fix",
"details": "Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens \u0027 Operational Guidelines for Industrial Security:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "vendor_fix",
"details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/advisories",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.siemens.com/cert/advisories"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2017-12738",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The integrated web server (Port 80/TCP) of the affected devices could allow cross-site scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.CVE-2017-12738 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12738"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx"
},
{
"category": "vendor_fix",
"details": "Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens \u0027 Operational Guidelines for Industrial Security:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "vendor_fix",
"details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/advisories",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.siemens.com/cert/advisories"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2017-12739",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The integrated web server (Port 80/TCP) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.CVE-2017-12739 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12739"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "As the web server is for diagnostics only and not required for normal operation, Siemens recommends disabling the web server after commissioning.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "For users who are currently using the discontinued ETA2 (IEC 60870-5-104), MODi00 (Modbus/TCP slave) or DNPi00 (DNP3/TCP slave) firmware, Siemens recommends users upgrade to ETA4 (IEC 60870-5-104), MBSiA0 (Modbus/TCP slave) or DNPiA1 (DNP3/ TCP slave) firmware, respectively, on the SM-2558 COM Module, which is the successor to the SM-2556 Module. The upgrades are available at:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/substation-automation/Pages/sicam-ak-3.aspx"
},
{
"category": "vendor_fix",
"details": "Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens \u0027 Operational Guidelines for Industrial Security:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
},
{
"category": "vendor_fix",
"details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-164516 at the following location:",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "http://www.siemens.com/cert/advisories",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://www.siemens.com/cert/advisories"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…