Detections
Analytics
Siemens SCALANCE X-200, XR300-WG 3.0 and 3.1 RCDP Triggered Unauthorized Administrative Actions
high Nessus Network Monitor Plugin ID 720205
Synopsis
Siemens SCALANCE X-200, XR300-WG allow remote attackers to execute unauthorized administrative actions via Ruggedcom Discovery Protocol.Description
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions, potentially allowing users located in the adjacentnetwork of the targeted device to perform unauthorized administrative actions.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://cert-portal.siemens.com/productcert/pdf/ssa-856721.pdf
Plugin Details
Severity: High
ID: 720205
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 9/28/2017
Vulnerability Publication Date: 9/28/2017
Reference Information
CVE: CVE-2017-12736
BID: 101041