Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6869

A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

Published

2017-08-08T00:29:00.180

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-287
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	viewport_for_web_office_portal	-	Yes

References

http://www.securityfocus.com/bid/99343 Third Party Advisory, VDB Entry ([email protected])
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/99343 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)