Vulnerability CVE-2017-6869
Published: 2017-08-07   Modified: 2017-08-08

Description:
A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Siemens -> Viewport for web office portal 

 References:
http://www.securityfocus.com/bid/99343
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-545214.pdf
Copyright 2024, cxsecurity.com

 

Back to Top