Strix
26.1K

CVE-2017-2688

UnknownEPSS 1.11%

Last modified

CVE-2017-2688 is a vulnerability of currently unknown severity. The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.

Metrics

EPSS Probability
1.11%

61.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SiemensRuggedcom Rox I<= 2.9.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-2688?
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF.
How severe is CVE-2017-2688?
Severity scoring for CVE-2017-2688 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.
How do I fix CVE-2017-2688?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-2688?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST