15 matches found
Siemens SM-2556 Communications Adapter Detection
Binary data 762008.prm...
Siemens SM-2556 Communications Adapter Detection
Binary data 762010.prm...
Siemens SICAM RTUs SM-2556 COM Modules Authentication Bypass
Binary data 720105.prm...
Siemens SICAM RTUs SM-2556 COM Modules XSS
Binary data 720106.prm...
Siemens SM-2556 Communications Adapter Detection
Binary data 762011.prm...
CVE-2017-12739
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...
CVE-2017-12738
CVE-2017-12738 concerns Cross-Site Scripting in the integrated web server of Siemens SICAM RTUs SM-2556 COM Modules (firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00). The issue arises from XSS in the web interface, potentially gatecrashed by a malicious link, with user interaction required....
CVE-2017-12737
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the...
CVE-2017-12739
Siemens SICAM RTUs SM-2556 COM Modules with firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00 expose a web server on port 80 that could allow unauthenticated remote attackers to execute arbitrary code (CVE-2017-12739). The issue is tied to code injection via the integrated web server; remedia...
CVE-2017-12737
The CVE-2017-12737 entry applies to Siemens SICAM RTUs SM-2556 COM Modules (firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00). The vulnerability arises from a missing authentication for a critical function: the integrated web server (port 80) could allow unauthenticated remote acces...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution Vulnerabilities
Siemens SICAM RTUs SM-2556 COM modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00 suffer from authentication bypass, code execution, and cross site scripting vulnerabilities. ======================================================================= title: Authentication...
SICAM RTU SM-2556 COM Module Information Disclosure Vulnerability
The SM-2556 communication module is a protocol element for LAN / WAN communication with a Fast Ethernet interface to the SICAM 1703 and SICAM RTU substation controllers. An information disclosure vulnerability exists in the SICAM RTU SM-2556 COM module, which allows an unauthenticated, remote...
SICAM RTU SM-2556 COM Module Arbitrary Code Execution Vulnerability
The SM-2556 communication module is a protocol element for LAN / WAN communication with a Fast Ethernet interface to the SICAM 1703 and SICAM RTU substation controllers. An arbitrary code execution vulnerability exists in the SICAM RTU SM-2556 COM module, which could allow an unauthenticated,...
Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authentication bypass, cross-site scripting & code execution product: Siemens SICAM RTUs SM-2556 COM Modules firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00 and...
Siemens SICAM RTU Devices Denial-of-Service Vulnerability
OVERVIEW Stephan Beirer, Markus Mahrla, Toralf Gimpel, and Sebastian Krause, from GAI NetConsult GmbH, and Adam Crain of Automatak LLC have identified a denial-of-service vulnerability in Siemens SICAM products. Siemens has produced a firmware update to mitigate this vulnerability. This...