ID

VAR-201712-1117


CVE

CVE-2017-9944


TITLE

Siemens 7KT PAC1200 Data Manager Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // CNVD: CNVD-2017-29094

DESCRIPTION

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. Siemens 7KT PAC1200 data manager (7KT1260) contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The 7KT PAC1200 data manager (7KT1260) from the SENTRON portfolio is a fully integrated smart meter with a web interface. This may aid in further attacks.

Trust: 2.7

sources: NVD: CVE-2017-9944 // JVNDB: JVNDB-2017-011884 // CNVD: CNVD-2017-29094 // BID: 101184 // IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // VULMON: CVE-2017-9944

IOT TAXONOMY

category:['ICS', 'Network device'], sub_category: -

Trust: 0.6

category:['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // CNVD: CNVD-2017-29094

AFFECTED PRODUCTS

vendor:siemens, model:7kt pac1200 data manager, scope:lt, version:2.03

Trust: 1.8

vendor:siemens, model:7kt pac1200 data manager from the sentron portfolio, scope:lt, version:2.03

Trust: 0.6

vendor:siemens, model:7kt pac1200 data manager, scope:eq, version:2.0

Trust: 0.3

vendor:siemens, model:7kt pac1200 data manager, scope:ne, version:2.03

Trust: 0.3

vendor:7kt pac1200 data manager, model: -, scope:eq, version:*

Trust: 0.2

sources: IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // CNVD: CNVD-2017-29094 // BID: 101184 // JVNDB: JVNDB-2017-011884 // NVD: CVE-2017-9944

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9944
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9944
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-29094
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-1037
value: CRITICAL

Trust: 0.6

IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e
value: CRITICAL

Trust: 0.2

VULMON: CVE-2017-9944
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9944
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-29094
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-9944
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // CNVD: CNVD-2017-29094 // VULMON: CVE-2017-9944 // JVNDB: JVNDB-2017-011884 // CNNVD: CNNVD-201710-1037 // NVD: CVE-2017-9944

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-288

Trust: 1.0

problemtype:CWE-284

Trust: 0.8

sources: JVNDB: JVNDB-2017-011884 // NVD: CVE-2017-9944

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-1037

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-1037

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011884

PATCH

title:SSA-971654, url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf

Trust: 0.8

title:Siemens 7KT PAC1200 Data Manager authentication bypass vulnerability patch, url:https://www.cnvd.org.cn/patchInfo/show/103257

Trust: 0.6

title:Siemens 7KT PAC1200 Data Manager Security vulnerabilities, url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75909

Trust: 0.6

sources: CNVD: CNVD-2017-29094 // JVNDB: JVNDB-2017-011884 // CNNVD: CNNVD-201710-1037

EXTERNAL IDS

db:NVD, id:CVE-2017-9944

Trust: 3.6

db:SIEMENS, id:SSA-971654

Trust: 2.3

db:BID, id:101184

Trust: 2.0

db:ICS CERT, id:ICSA-17-278-02

Trust: 1.1

db:CNVD, id:CNVD-2017-29094

Trust: 0.8

db:CNNVD, id:CNNVD-201710-1037

Trust: 0.8

db:JVNDB, id:JVNDB-2017-011884

Trust: 0.8

db:IVD, id:797B5EA7-5A52-4064-A2E7-5EA1F86C754E

Trust: 0.2

db:VULMON, id:CVE-2017-9944

Trust: 0.1

sources: IVD: 797b5ea7-5a52-4064-a2e7-5ea1f86c754e // CNVD: CNVD-2017-29094 // VULMON: CVE-2017-9944 // BID: 101184 // JVNDB: JVNDB-2017-011884 // CNNVD: CNNVD-201710-1037 // NVD: CVE-2017-9944

REFERENCES

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-971654.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/101184

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-17-278-02

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9944

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55532

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-29094 // VULMON: CVE-2017-9944 // BID: 101184 // JVNDB: JVNDB-2017-011884 // CNNVD: CNNVD-201710-1037 // NVD: CVE-2017-9944

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 101184 // CNNVD: CNNVD-201710-1037

SOURCES

db:IVD, id:797b5ea7-5a52-4064-a2e7-5ea1f86c754e
db:CNVD, id:CNVD-2017-29094
db:VULMON, id:CVE-2017-9944
db:BID, id:101184
db:JVNDB, id:JVNDB-2017-011884
db:CNNVD, id:CNNVD-201710-1037
db:NVD, id:CVE-2017-9944

LAST UPDATE DATE

2025-04-20T23:19:42.299000+00:00


SOURCES UPDATE DATE

db:CNVD, id:CNVD-2017-29094, date:2017-10-09T00:00:00
db:VULMON, id:CVE-2017-9944, date:2019-10-09T00:00:00
db:BID, id:101184, date:2017-10-05T00:00:00
db:JVNDB, id:JVNDB-2017-011884, date:2018-02-01T00:00:00
db:CNNVD, id:CNNVD-201710-1037, date:2019-10-17T00:00:00
db:NVD, id:CVE-2017-9944, date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:IVD, id:797b5ea7-5a52-4064-a2e7-5ea1f86c754e, date:2017-10-09T00:00:00
db:CNVD, id:CNVD-2017-29094, date:2017-10-09T00:00:00
db:VULMON, id:CVE-2017-9944, date:2017-12-27T00:00:00
db:BID, id:101184, date:2017-10-05T00:00:00
db:JVNDB, id:JVNDB-2017-011884, date:2018-02-01T00:00:00
db:CNNVD, id:CNNVD-201710-1037, date:2017-10-27T00:00:00
db:NVD, id:CVE-2017-9944, date:2017-12-27T17:08:25