CVE-2017-12734 - OpenCVE

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Logo\!8 Bm Fs-05 Logo\!8 Bm Fs-05 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:logo\!8_bm_fs-05:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/100560
https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2017-08-30T19:00:00

Updated: 2024-08-05T18:43:56.700Z

Reserved: 2017-08-09T00:00:00

Link: CVE-2017-12734

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-08-30T19:29:00.273

Modified: 2022-01-04T18:09:36.570

Link: CVE-2017-12734

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "LOGO! 8 BM (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V1.81.2"}]}], "datePublic": "2017-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-895", "description": "CWE-895: SFP Primary Cluster: Information Leak", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-14T21:05:17", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"name": "100560", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100560"}, {"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2017-12734", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "LOGO! 8 BM (incl. SIPLUS variants)", "version": {"version_data": [{"version_value": "All versions < V1.81.2"}]}}]}, "vendor_name": "Siemens"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-895: SFP Primary Cluster: Information Leak"}]}]}, "references": {"reference_data": [{"name": "100560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100560"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.700Z"}, "title": "CVE Program Container", "references": [{"name": "100560", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100560"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-12734", "datePublished": "2017-08-30T19:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.700Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:logo\\!8_bm_fs-05_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6128EB35-6031-4F61-8B25-596E6FE664A1", "versionEndIncluding": "1.81.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:logo\\!8_bm_fs-05:-:*:*:*:*:*:*:*", "matchCriteriaId": "641F5F08-8D9F-425C-9735-DC174431EEA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en LOGO! 8 BM (incl. Variantes SIPLUS) (todas las versiones anteriores a V1.81.2). Un atacante con acceso de red al servidor web integrado en el puerto 80/tcp podr\u00eda obtener la ID de sesi\u00f3n de una sesi\u00f3n de usuario activa. Un usuario debe iniciar sesi\u00f3n en la interfaz web. Siemens recomienda utilizar el servidor web integrado en el puerto 80/tcp solo en redes de confianza."}], "id": "CVE-2017-12734", "lastModified": "2022-01-04T18:09:36.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-30T19:29:00.273", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100560"}, {"source": "productcert@siemens.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-895"}], "source": "productcert@siemens.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}