Cyber Resilience

CVE-2017-0147

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 17 March 2017
Modified: 22 April 2026
KEV Added: 24 May 2022
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9280 (99.8th percentile)
Risk Priority: 91 (60% EPSS · 20% KEV · 20% CVSS)

Summary

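CVE-2017-0147 is a high-severity vulnerability of unspecified weakness type, listed here against Siemens Acuson P300 Firmware; the underlying flaw is in the SMBv1 server of Microsoft Windows (see Deeper analysis). Its CVSS base score is 7.5 (High).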

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an information disclosure flaw in the SMBv1 server component of Microsoft Windows, affecting Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. It lets remote attackers read sensitive data directly from process memory by sending specially crafted packets. The CVSS 7.5 rating reflects this: the flaw is reachable over the network (AV:N), requires no privileges or user interaction (PR:N/UI:N), and has high confidentiality impact (C:H) with no integrity or availability impact (I:N/A:N).

Unauthenticated remote attackers can exploit the flaw over the network by transmitting crafted SMBv1 packets, allowing them to extract arbitrary sensitive information from the target system's memory without any user interaction or elevated privileges. This can expose credentials, encryption keys, or other process data that may facilitate further attacks.

References to the issue, including SecurityFocus, SecurityTracker, Siemens SSA-701903, and PacketStorm analyses of DOUBLEPULSAR payload execution and SMB remote code execution, point to associated advisories and neutralization techniques for related SMB threats, though specific patch or mitigation details are not enumerated in the provided sources.

Vulnerability details

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."

CWE(s)
KEV Date Added: 24 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
microsoft | windows 10 1507 | all versions
microsoft | windows 10 1511 | all versions
microsoft | windows 10 1607 | all versions
microsoft | windows 7 | all versions
microsoft | windows 8.1 | all versions
microsoft | windows rt 8.1 | all versions
microsoft | windows server 2008 | all versions, r2
microsoft | windows server 2012 | all versions, r2
microsoft | windows server 2016 | all versions
microsoft | windows vista | all versions
+8 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Disabling SMBv1 (an unnecessary protocol) directly eliminates the attack surface exploited by crafted packets to read process memory.

Prevent: Applying the vendor patch for CVE-2017-0147 removes the memory-disclosure flaw in the SMBv1 server implementation.

Prevent: Boundary-protection devices can block or restrict unauthenticated SMBv1 traffic from reaching the vulnerable Windows hosts.

References