CVE-2017-12736

Published: Dec 26, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD (Secondary)

Description

After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions.

Affected (8)

Products: Siemens: Scalance Xb 200 Firmware, Scalance Xc 200 Firmware, Scalance Xp 200 Firmware, Scalance Xr300 Wg Firmware, Scalance Xr 500 Firmware, Scalance Xm 400 Firmware, Ruggedcom Ros

Siemens

7 products

Scalance Xb 200 Firmware

Scalance Xc 200 Firmware

Scalance Xp 200 Firmware

Scalance Xr300 Wg Firmware

Scalance Xr 500 Firmware

Scalance Xm 400 Firmware

Ruggedcom Ros

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xb 200 Firmware	From 3.0

Running on/with	Platform Versions
Siemens Scalance Xb 200	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xc 200 Firmware	From 3.0

Running on/with	Platform Versions
Siemens Scalance Xc 200	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xp 200 Firmware	From 3.0

Running on/with	Platform Versions
Siemens Scalance Xp 200	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xr300 Wg Firmware	From 3.0

Running on/with	Platform Versions
Siemens Scalance Xr300 Wg	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xr 500 Firmware	From 6.1

Running on/with	Platform Versions
Siemens Scalance Xr 500	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Scalance Xm 400 Firmware	From 6.1

Running on/with	Platform Versions
Siemens Scalance Xm 400	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Ros	Before 5.0.1

Running on/with	Platform Versions
Siemens Ruggedcom Rsl910	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Ruggedcom Ros	Before 4.3.4

Running on/with	Platform Versions
Siemens Ruggedcom	All versions

Related CWEs

CWE-1188

Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

CWE-665

Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.