CVE-2017-6868 Information

Description

An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA’s CPU.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/99234 http://www.securitytracker.com/id/1038788 https://ics-cert.us-cert.gov/advisories/ICSA-17-173-01 https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-126840.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1