CVE-2017-9944 - OpenCVE

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	7kt Pac1200 Data Manager 7kt Pac1200 Data Manager Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siemens:7kt_pac1200_data_manager_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:7kt_pac1200_data_manager:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101184
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2017-12-26T04:00:00

Updated: 2024-08-05T17:25:00.615Z

Reserved: 2017-06-26T00:00:00

Link: CVE-2017-9944

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-27T17:08:25.000

Modified: 2019-10-09T23:30:53.800

Link: CVE-2017-9944

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03", "vendor": "n/a", "versions": [{"status": "affected", "version": "Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03"}]}], "datePublic": "2017-12-25T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-26T10:57:01", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"}, {"name": "101184", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101184"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2017-9944", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03", "version": {"version_data": [{"version_value": "Siemens 7KT PAC1200 data manager (7KT1260) All versions < V2.03"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf", "refsource": "CONFIRM", "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"}, {"name": "101184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101184"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:25:00.615Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"}, {"name": "101184", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101184"}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-9944", "datePublished": "2017-12-26T04:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2024-08-05T17:25:00.615Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:7kt_pac1200_data_manager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C248B6B6-0C07-40ED-882B-CC07F3FC03C1", "versionEndExcluding": "2.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:7kt_pac1200_data_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "069F6E95-B8DD-4727-B89E-613A8BBF21B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en el gestor de datos (7KT1260) 7KT PAC1200 de Siemens, en todas las versiones anteriores a la V2.03. El servidor web integrado (puerto 80/tcp) de los dispositivos afectados podr\u00eda permitir que un atacante remoto no autenticado realice operaciones administrativas a trav\u00e9s de la red."}], "id": "CVE-2017-9944", "lastModified": "2019-10-09T23:30:53.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-27T17:08:25.000", "references": [{"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101184"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "productcert@siemens.com", "type": "Secondary"}]}