CVE-2017-12738
Last modified
CVE-2017-12738 is a vulnerability of currently unknown severity. An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.. EPSS estimates a 0.87% chance of exploitation in the next 30 days.
Description
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sm-2556 Firmware | dnpi00 |
| Siemens | Sm-2556 Firmware | enos00 |
| Siemens | Sm-2556 Firmware | erac00 |
| Siemens | Sm-2556 Firmware | eta2 |
| Siemens | Sm-2556 Firmware | etls00 |
| Siemens | Sm-2556 Firmware | modi00 |
References
- http://www.securityfocus.com/bid/101884Third Party Advisory, VDB Entry
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdfMitigation, Vendor Advisory
- http://www.securityfocus.com/bid/101884Third Party Advisory, VDB Entry
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-164516.pdfMitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12738?
How severe is CVE-2017-12738?
How do I fix CVE-2017-12738?
Are you affected by CVE-2017-12738?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST