How severe is CVE-2017-16718?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2017-16718?

This is classified as CWE-522, which is a common weakness in software security.

CVE-2017-16718 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol for industrial automation in protected environments. This protocol uses user configured routes, that can be edited remotely via ADS. This special command supports encrypted authentication with username/password. The encryption uses a fixed key, that could be extracted by an attacker. Precondition of the exploitation of this weakness is network access at the moment a route is added.

Related Vulnerabilities

CVE-2019-4138

MEDIUM

CVSS:5.9(Medium)

IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An...

CWE-5222019

CVE-2019-4385

MEDIUM

CVSS:5.9(Medium)

IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password in the IBM Spectrum Protect Plus Joblog. This can result in an attacker gaining access to sensitive information as well as vSnap. I...

CWE-5222019

CVE-2020-23036

MEDIUM

CVSS:5.9(Medium)

MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. ...

CWE-5222020

CVE-2021-23222

MEDIUM

CVSS:5.9(Medium)

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption.

CWE-5222021

CVE-2021-29043

MEDIUM

CVSS:5.9(Medium)

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S...

CWE-5222021

CVE-2021-34075

MEDIUM

CVSS:5.9(Medium)

In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.

CWE-5222021