CVE-2017-0148

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 17 March 2017

Modified: 22 April 2026
KEV Added: 06 April 2022
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9407 (99.9th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-0148 is a high-severity Improper Input Validation (CWE-20) vulnerability in the Microsoft Windows SMBv1 server, which also affects Siemens Acuson P300 Firmware and the other products listed under Affected Assets. Its CVSS base score is 8.1 (High).

Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

The vulnerability is an input validation flaw (CWE-20) in the SMBv1 server implementation on Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. It permits remote code execution when the server processes specially crafted packets and is distinct from the related issues tracked as CVE-2017-0143 through CVE-2017-0146. The flaw received a CVSS v3.1 base score of 8.1, reflecting a network attack vector, high attack complexity, and full impact on confidentiality, integrity, and availability.

Remote unauthenticated attackers can exploit the weakness over the network by sending malicious SMBv1 packets, achieving arbitrary code execution on the target system without requiring user interaction or credentials. Successful exploitation grants the attacker the ability to run code in the context of the SMB server process, potentially leading to full system compromise.

Public references primarily discuss DOUBLEPULSAR payload handling and related SMB remote code execution artifacts rather than official vendor mitigation steps. No explicit patch or configuration guidance is detailed in the provided sources.

Vulnerability details

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

CWE(s): CWE-20
KEV Date Added: 06 April 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

| Vendor | Product | Versions |
|---|---|---|
| microsoft | server message block | 1.0 |
| siemens | acuson p300 firmware | 13.02, 13.03, 13.20, 13.21 |
| siemens | acuson p500 firmware | va10, vb10 |
| siemens | acuson sc2000 firmware | 5.0a · 4.0 — 4.0e |
| siemens | acuson x700 firmware | 1.0, 1.1 |
| siemens | syngo sc2000 firmware | 5.0a · 4.0 — 4.0e |
| siemens | tissue preparation system firmware | all versions |
| siemens | versant kpcr molecular system firmware | all versions |
| siemens | versant kpcr sample prep firmware | all versions |

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Directly enforces validation of SMBv1 packet contents before processing, blocking the crafted input that triggers the RCE flaw.

prevent: Requires disabling SMBv1 (or any non-essential service) so the vulnerable server component is never exposed to network packets.

prevent: Boundary devices can block or restrict inbound SMB traffic, preventing unauthenticated remote attackers from reaching the flawed SMBv1 implementation.

References