CVE-2017-2684

Published: Feb 22, 2017Modified: May 13, 2026

9.0

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 6.0

Source: NVD

Description

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.

Affected (1)

Products: Siemens: Simatic Logon

Siemens

1 product

Simatic Logon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Logon	Up to 1.5

Related CWEs

CWE-592

DEPRECATED: Authentication Bypass Issues

This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

References (4)

http://www.securityfocus.com/bid/96208

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Source: productcert@siemens.com

Vendor Advisory

http://www.securityfocus.com/bid/96208

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.