CVE-2017-12739 - Insecure Default Initialization of Resource vulnerability in Siemens Sm-2556 Firmware
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 6 |
Hardware | | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/144982/SA-20171114-0.txt |
id | PACKETSTORM:144982 |
last seen | 2017-11-14 |
published | 2017-11-14 |
reporter | sec-consult.com |
source | https://packetstormsecurity.com/files/144982/Siemens-SICAM-RTUs-SM-2556-COM-Modules-XSS-Bypass-Code-Execution.html |
title | Siemens SICAM RTUs SM-2556 COM Modules XSS / Bypass / Code Execution |