Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6868

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU.

Published

2017-07-07T17:29:00.340

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	simatic_cp_44x-1_redundant_network_access_modules	≤ 1.4.0	Yes

References

http://www.securityfocus.com/bid/99234 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1038788 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01 Third Party Advisory, US Government Resource ([email protected])
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf ([email protected])
http://www.securityfocus.com/bid/99234 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038788 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf (af854a3a-2127-422b-91ae-364da2661108)