CVE-2017-2683

Published: Feb 27, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

Vendor	Product	Versions
n/a	RUGGEDCOM NMS All versions < V2.1 (Windows and Linux)	affected `RUGGEDCOM NMS All versions < V2.1 (Windows and Linux)`

Weaknesses (CWE)

CWE-79

References

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881.pdf

x_refsource_CONFIRM

96455

vdb-entry

x_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01

x_refsource_MISC

1037958

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-2683

Description

Affected Products

Weaknesses (CWE)

References