VAR-201712-0701

Vulnerability from variot - Updated: 2025-08-12 23:31

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions.

This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions. plural Siemens The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens RuggedCom ROS is a ROX-based device for connecting devices in harsh environments, such as substations, traffic management chassis, etc. The SCALANCE XB-200 is an industrial Ethernet switch. Siemens Ruggedcom ROS and SCALANCE are not authorized to exploit the vulnerability. Multiple Siemens Products are prone to a remote security bypass vulnerability. Following products and versions are vulnerable: RUGGEDCOM ROS prior to 5.0.1 for RSL910 devices. RUGGEDCOM ROS prior to 4.3.4 for all other devices. SCALANCE XB-200/XC-200/XP-200/XR300-WG 3.0 and later. SCALANCE XR-500/XM-400 6.1 and later

Show details on source website
To clipboard 

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0701",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom ros",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "4.3.4"
      },
      {
        "model": "scalance xm-400",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xp-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xc-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance xr-500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xb-200",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xb-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xc-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xm400",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xp-200",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr-300-wg",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "scalance xr500",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "ruggedcom ros for rsl910",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "scalance xb-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xc-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xp-200",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr-500",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xm-400",
        "scope": "gt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "ruggedcom ros",
        "version": "*"
      },
      {
        "model": "scalance xr300-wg",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xr-500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xp-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xm-400",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.1"
      },
      {
        "model": "scalance xc-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "scalance xb-200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.1"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.3.3"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.1.0"
      },
      {
        "model": "rsl910",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "ruggedcom ros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "5.0.1"
      },
      {
        "model": "ruggedcom ros",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.3.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xb 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xc 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xp 200",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr300 wg",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xr 500",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "scalance xm 400",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:ruggedcom_ros",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xb-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xm400_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xp-200_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr300-wg_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:scalance_xr500_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens",
    "sources": [
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12736",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-12736",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-28656",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-12736",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-12736",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-12736",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2017-12736",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-12736",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-28656",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-1396",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. \r\n\r\nThis could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions. plural Siemens The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens RuggedCom ROS is a ROX-based device for connecting devices in harsh environments, such as substations, traffic management chassis, etc. The SCALANCE XB-200 is an industrial Ethernet switch. Siemens Ruggedcom ROS and SCALANCE are not authorized to exploit the vulnerability. Multiple Siemens Products are prone to a remote security bypass vulnerability. \nFollowing products and versions are vulnerable:\nRUGGEDCOM ROS prior to 5.0.1 for RSL910 devices. \nRUGGEDCOM ROS prior to 4.3.4 for all other devices. \nSCALANCE XB-200/XC-200/XP-200/XR300-WG 3.0 and later. \nSCALANCE XR-500/XM-400 6.1 and later",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12736",
        "trust": 3.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-856721",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "101041",
        "trust": 1.9
      },
      {
        "db": "SECTRACK",
        "id": "1039464",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1039463",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-271-01B",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-271-01",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "8E5E8CB8-D4EE-4AD5-9084-3BF21BBBDB6B",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "id": "VAR-201712-0701",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      }
    ],
    "trust": 1.4230392388888888
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      }
    ]
  },
  "last_update_date": "2025-08-12T23:31:46.531000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-856721",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
      },
      {
        "title": "Siemens Ruggedcom ROS and SCALANCE Unauthorized Patch for Operational Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/103044"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75254"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1188",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-665",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/101041"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039463"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1039464"
      },
      {
        "trust": 1.0,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-856721.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12736"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-271-01b"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12736"
      },
      {
        "trust": 0.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-271-01"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "db": "BID",
        "id": "101041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "IVD",
        "id": "8e5e8cb8-d4ee-4ad5-9084-3bf21bbbdb6b"
      },
      {
        "date": "2017-09-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "BID",
        "id": "101041"
      },
      {
        "date": "2018-01-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "date": "2017-12-26T04:29:13.643000",
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-28656"
      },
      {
        "date": "2017-09-28T00:00:00",
        "db": "BID",
        "id": "101041"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      },
      {
        "date": "2025-08-12T12:15:26.210000",
        "db": "NVD",
        "id": "CVE-2017-12736"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011797"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-1396"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.