CVE Vulnerabilities

CVE-2017-9944

Authentication Bypass Using an Alternate Path or Channel

Published: Dec 27, 2017 | Modified: Apr 20, 2025
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.

Weakness

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
7kt_pac1200_data_manager_firmware Siemens * 2.03 (excluding)

Potential Mitigations

References