CVE-2017-2684 : Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with kn

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

Published 2017-02-22 02:59:00

Updated 2019-10-09 23:27:07

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2017-2684

Siemens » Simatic Logon » Update Sp3 Update 1
Versions up to, including, (<=) 1.5
cpe:2.3:a:siemens:simatic_logon:*:sp3_update_1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-2684

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-2684

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.0	CRITICAL	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	2.2	6.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-2684

CWE-592

Assigned by: productcert@siemens.com (Secondary)

References for CVE-2017-2684

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Vendor Advisory
http://www.securityfocus.com/bid/96208

Siemens SIMATIC Logon CVE-2017-2684 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-2684

Products affected by CVE-2017-2684

Exploit prediction scoring system (EPSS) score for CVE-2017-2684

CVSS scores for CVE-2017-2684

CWE ids for CVE-2017-2684

References for CVE-2017-2684