CVE-2017-12734 - A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2).

CVE-2017-12734

Summary

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.

References

Vulnerable Configurations

cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:1.81.1:*:*:*:*:*:*:*
cpe:2.3:o:siemens:logo\!8_bm_fs-05_firmware:1.81.1:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!8_bm_fs-05:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:logo\!8_bm_fs-05:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 04-01-2022 - 18:09)
Impact:
Exploitability:

CWE

CWE-895

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	100560
misc	https://cert-portal.siemens.com/productcert/pdf/ssa-087240.pdf

Last major update

04-01-2022 - 18:09

Published

30-08-2017 - 19:29

Last modified

04-01-2022 - 18:09