4 matches found
CVE-2017-12739
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server port 80/tcp of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected devic...
CVE-2017-12738
CVE-2017-12738 concerns Cross-Site Scripting in the integrated web server of Siemens SICAM RTUs SM-2556 COM Modules (firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00). The issue arises from XSS in the web interface, potentially gatecrashed by a malicious link, with user interaction required....
CVE-2017-12739
Siemens SICAM RTUs SM-2556 COM Modules with firmware ENOS00, ERAC00, ETA2, ETLS00, MODi00, DNPi00 expose a web server on port 80 that could allow unauthenticated remote attackers to execute arbitrary code (CVE-2017-12739). The issue is tied to code injection via the integrated web server; remedia...
Siemens SICAM RTU Devices Denial-of-Service Vulnerability
OVERVIEW Stephan Beirer, Markus Mahrla, Toralf Gimpel, and Sebastian Krause, from GAI NetConsult GmbH, and Adam Crain of Automatak LLC have identified a denial-of-service vulnerability in Siemens SICAM products. Siemens has produced a firmware update to mitigate this vulnerability. This...