CVE-2017-12740

Published: Dec 26, 2017Modified: May 13, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

Affected (1)

Products: Siemens: Logo! Soft Comfort

1 product

Logo! Soft Comfort

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Logo! Soft Comfort	Before 8.2

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf

Source: productcert@siemens.com

Vendor Advisory

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.