CVE-2017-2684 Information

Description

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name and physical or network access to the affected system to bypass the application-level authentication.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/96208 https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.0