CVE-2017-12736

Name: CVE-2017-12736
Creator: NVD / NIST
Published: 2017-12-26T04:29:13.643+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 1.00%

Last modified Jun 17, 2026

CVE-2017-12736 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.. EPSS estimates a 1.00% chance of exploitation in the next 30 days.

Description

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.00%

58.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Scalance Xb-200 Firmware	>= 3.0
Siemens	Scalance Xc-200 Firmware	>= 3.0
Siemens	Scalance Xp-200 Firmware	>= 3.0
Siemens	Scalance Xr300-Wg Firmware	>= 3.0
Siemens	Scalance Xr-500 Firmware	>= 6.1
Siemens	Scalance Xm-400 Firmware	>= 6.1
Siemens	Ruggedcom Ros	< 5.0.1
Siemens	Ruggedcom Ros	< 4.3.4

References

http://www.securityfocus.com/bid/101041Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039463Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039464Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/html/ssa-856721.html
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdfIssue Tracking, Mitigation, Vendor Advisory
http://www.securityfocus.com/bid/101041Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039463Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1039464Third Party Advisory, VDB Entry
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdfIssue Tracking, Mitigation, Vendor Advisory

Timeline

Published: Dec 26, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-12736?

How severe is CVE-2017-12736?

CVE-2017-12736 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 1.00% probability of exploitation in the next 30 days.

How do I fix CVE-2017-12736?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-12736?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST