CVE-2017-12740

Опубликовано: 26 дек. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.

Ссылки

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf
Vendor Advisory
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-888929.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:logo\!_soft_comfort:*:*:*:*:*:*:*:*

Версия до 8.2 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-494

CWE-345

Связанные уязвимости

GHSA-g8wq-427w-wgqm