PatchSiren cyber security CVE debrief
CVE-2017-2684 Siemens CVE debrief
CVE-2017-2684 affects Siemens SIMATIC Logon prior to V1.5 SP3 Update 2. According to the vendor and NVD records, an attacker who already knows a valid user name and has physical or network access to the affected system could bypass application-level authentication. NVD rates the issue Critical with CVSS 3.0 vector AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.
- Vendor
- Siemens
- Product
- CVE-2017-2684
- CVSS
- CRITICAL 9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-22
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-22
- Advisory updated
- 2026-05-13
Who should care
Industrial control system operators, Siemens SIMATIC Logon administrators, OT security teams, and any organization using affected SIMATIC Logon versions should review exposure. Systems where attackers may have local access, network reachability, or shared-user knowledge are especially relevant.
Technical summary
The weakness is an authentication bypass in Siemens SIMATIC Logon, with the vulnerable range described by Siemens as prior to V1.5 SP3 Update 2. The attacker needs knowledge of a valid user name and physical or network access to the target system. The NVD record shows a high-severity impact profile with changed scope and high confidentiality, integrity, and availability impact.
Defensive priority
High. The issue is remotely reachable in some deployments, has no user-interaction requirement, and can enable bypass of an application-level authentication boundary. Even though attack complexity is listed as high, the potential impact on an industrial environment justifies prompt review and remediation.
Recommended defensive actions
- Verify whether any deployed Siemens SIMATIC Logon installations are at or below the affected version range described by the vendor.
- Apply Siemens' fixed release: V1.5 SP3 Update 2 or later, if available in your environment.
- Restrict physical and network access to hosts running SIMATIC Logon, especially where the application is exposed beyond trusted administrative networks.
- Review account and username exposure controls so valid usernames are not unnecessarily discoverable.
- Monitor authentication and access logs for unexpected logon behavior or successful access that does not match normal user patterns.
- Use the Siemens security advisory and NVD record as the primary references for affected versions and remediation guidance.
Evidence notes
This debrief is based only on the supplied NVD record and the referenced Siemens advisory metadata. The CVE was published on 2017-02-22 and modified on 2026-05-13; those dates are used only as record timing context. The source describes the issue as an application-level authentication bypass in SIMATIC Logon prior to V1.5 SP3 Update 2, requiring knowledge of a valid user name and physical or network access. NVD lists CVSS 3.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H and includes the Siemens vendor advisory reference.
Official resources
-
CVE-2017-2684 CVE record
CVE.org
-
CVE-2017-2684 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
Publicly disclosed on 2017-02-22. No KEV entry was supplied, and no ransomware campaign association was supplied in the corpus.