Vulnerabilites related to siemens - wincc
cve-2014-4685
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4685",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:35.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4511
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4511",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:07:51.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4512
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-16 18:09
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4512",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:09:01.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0677
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-16 23:10
Severity ?
EPSS score ?
Summary
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0677",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:10:58.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0678
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0678",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-17T00:01:41.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0679
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-16 16:12
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0679",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:12:24.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4509
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4509",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T01:26:11.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4683
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4683",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:35.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3957
Vulnerability from cvelistv5
Published
2013-06-14 19:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3957",
"datePublished": "2013-06-14T19:00:00Z",
"dateReserved": "2013-06-05T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:43.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2822
Vulnerability from cvelistv5
Published
2015-04-08 16:00
Modified
2024-08-06 05:24
Severity ?
EPSS score ?
Summary
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74028 | vdb-entry, x_refsource_BID | |
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:38.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74028",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74028"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74028",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74028"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74028",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74028"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2822",
"datePublished": "2015-04-08T16:00:00",
"dateReserved": "2015-04-01T00:00:00",
"dateUpdated": "2024-08-06T05:24:38.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4876
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/46997 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18166 | exploit, x_refsource_EXPLOIT-DB | |
| http://aluigi.org/adv/winccflex_1-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71450 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC | |
| http://www.osvdb.org/77381 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46997"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dir-traversal(71450)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"name": "77381",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "46997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46997"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dir-traversal(71450)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"name": "77381",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46997"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dir-traversal(71450)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"name": "77381",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4876",
"datePublished": "2012-02-03T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2598
Vulnerability from cvelistv5
Published
2012-06-08 18:00
Modified
2024-09-17 02:02
Severity ?
EPSS score ?
Summary
Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-08T18:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2598",
"datePublished": "2012-06-08T18:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T02:02:35.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4686
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4686",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:35.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3034
Vulnerability from cvelistv5
Published
2012-09-18 14:00
Modified
2024-09-16 20:02
Severity ?
EPSS score ?
Summary
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls.
References
| ▼ | URL | Tags |
|---|---|---|
| http://en.securitylab.ru/lab/PT-2012-45 | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T14:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-45",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3034",
"datePublished": "2012-09-18T14:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:55.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-30897
Vulnerability from cvelistv5
Published
2023-06-13 08:17
Modified
2025-01-03 01:43
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SIMATIC WinCC |
Version: All versions < V7.5.2.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T01:42:55.005641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T01:43:13.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.5.2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC (All versions \u003c V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:17:11.223Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-30897",
"datePublished": "2023-06-13T08:17:11.223Z",
"dateReserved": "2023-04-20T05:09:40.252Z",
"dateUpdated": "2025-01-03T01:43:13.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3958
Vulnerability from cvelistv5
Published
2013-06-14 19:00
Modified
2024-09-16 18:07
Severity ?
EPSS score ?
Summary
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3958",
"datePublished": "2013-06-14T19:00:00Z",
"dateReserved": "2013-06-05T00:00:00Z",
"dateUpdated": "2024-09-16T18:07:49.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3031
Vulnerability from cvelistv5
Published
2012-09-18 14:00
Modified
2024-09-16 20:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://en.securitylab.ru/lab/PT-2012-42 | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T14:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-42",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3031",
"datePublished": "2012-09-18T14:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:07:39.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2596
Vulnerability from cvelistv5
Published
2012-06-08 18:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:26.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-08T18:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2596",
"datePublished": "2012-06-08T18:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:45.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4513
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-16 22:31
Severity ?
EPSS score ?
Summary
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4513",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T22:31:15.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4912
Vulnerability from cvelistv5
Published
2013-07-31 18:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
References
| ▼ | URL | Tags |
|---|---|---|
| http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/61535 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/54051 | third-party-advisory, x_refsource_SECUNIA | |
| https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86100 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/54252 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "61535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61535"
},
{
"name": "54051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54051"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "simatic-cve20134912-spoofing(86100)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"name": "54252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "61535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61535"
},
{
"name": "54051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54051"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "simatic-cve20134912-spoofing(86100)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"name": "54252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html",
"refsource": "MISC",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "61535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61535"
},
{
"name": "54051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54051"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "simatic-cve20134912-spoofing(86100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"name": "54252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4912",
"datePublished": "2013-07-31T18:00:00",
"dateReserved": "2013-07-25T00:00:00",
"dateUpdated": "2024-08-06T16:59:40.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4508
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-16 20:47
Severity ?
EPSS score ?
Summary
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4508",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T20:47:55.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2595
Vulnerability from cvelistv5
Published
2012-06-08 18:00
Modified
2024-09-17 01:41
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:26.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-08T18:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2595",
"datePublished": "2012-06-08T18:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:00.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0674
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0674",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:47:06.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0676
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-16 16:32
Severity ?
EPSS score ?
Summary
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0676",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:32:26.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4875
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf | x_refsource_MISC | |
| http://www.osvdb.org/77380 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18166 | exploit, x_refsource_EXPLOIT-DB | |
| http://aluigi.org/adv/winccflex_1-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71449 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "77380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77380"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-bo(71449)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "77380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77380"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-bo(71449)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "77380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77380"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-bo(71449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4875",
"datePublished": "2012-02-03T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2597
Vulnerability from cvelistv5
Published
2012-06-08 18:00
Modified
2024-09-16 17:53
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:26.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-08T18:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2597",
"datePublished": "2012-06-08T18:00:00Z",
"dateReserved": "2012-05-09T00:00:00Z",
"dateUpdated": "2024-09-16T17:53:38.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4878
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18166 | exploit, x_refsource_EXPLOIT-DB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71452 | vdb-entry, x_refsource_XF | |
| http://aluigi.org/adv/winccflex_1-adv.txt | x_refsource_MISC | |
| http://www.osvdb.org/77383 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "simatic-miniweb-directory-traversal(71452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77383"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "simatic-miniweb-directory-traversal(71452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77383",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77383"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "simatic-miniweb-directory-traversal(71452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77383",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77383"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4878",
"datePublished": "2012-02-03T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4510
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4510",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-16T18:28:15.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4911
Vulnerability from cvelistv5
Published
2013-07-31 18:00
Modified
2024-08-06 16:59
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
References
| ▼ | URL | Tags |
|---|---|---|
| http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/61536 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86099 | vdb-entry, x_refsource_XF | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54051 | third-party-advisory, x_refsource_SECUNIA | |
| https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02 | x_refsource_MISC | |
| http://secunia.com/advisories/54252 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"name": "61536",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61536"
},
{
"name": "simatic-cve20134911-csrf(86099)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "54051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54051"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "54252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"name": "61536",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61536"
},
{
"name": "simatic-cve20134911-csrf(86099)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "54051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54051"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "54252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54252"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html",
"refsource": "MISC",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"name": "61536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61536"
},
{
"name": "simatic-cve20134911-csrf(86099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"name": "54051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54051"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"name": "54252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54252"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4911",
"datePublished": "2013-07-31T18:00:00",
"dateReserved": "2013-07-25T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3959
Vulnerability from cvelistv5
Published
2013-06-14 19:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-14T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3959",
"datePublished": "2013-06-14T19:00:00Z",
"dateReserved": "2013-06-05T00:00:00Z",
"dateUpdated": "2024-09-16T20:42:00.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3032
Vulnerability from cvelistv5
Published
2012-09-18 14:00
Modified
2024-09-17 03:22
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://en.securitylab.ru/lab/PT-2012-44 | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2012-44"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T14:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2012-44"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-44",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-44"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3032",
"datePublished": "2012-09-18T14:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-17T03:22:48.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2823
Vulnerability from cvelistv5
Published
2015-04-08 16:00
Modified
2024-08-06 05:24
Severity ?
EPSS score ?
Summary
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/74040 | vdb-entry, x_refsource_BID | |
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74040",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-10T14:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74040",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74040"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2823",
"datePublished": "2015-04-08T16:00:00",
"dateReserved": "2015-04-01T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4879
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18166 | exploit, x_refsource_EXPLOIT-DB | |
| http://aluigi.org/adv/winccflex_1-adv.txt | x_refsource_MISC | |
| http://www.osvdb.org/77384 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71453 | vdb-entry, x_refsource_XF | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77384"
},
{
"name": "simatic-miniweb-dos(71453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77384",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77384"
},
{
"name": "simatic-miniweb-dos(71453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "77384",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77384"
},
{
"name": "simatic-miniweb-dos(71453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4879",
"datePublished": "2012-02-03T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3003
Vulnerability from cvelistv5
Published
2012-06-08 18:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-08T18:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3003",
"datePublished": "2012-06-08T18:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T19:47:32.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4877
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-08-07 00:16
Severity ?
EPSS score ?
Summary
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/18166 | exploit, x_refsource_EXPLOIT-DB | |
| http://aluigi.org/adv/winccflex_1-adv.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71451 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/77382 | vdb-entry, x_refsource_OSVDB | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:35.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dos(71451)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
},
{
"name": "77382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/77382"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dos(71451)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
},
{
"name": "77382",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/77382"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "18166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"name": "http://aluigi.org/adv/winccflex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"name": "simatic-hmiload-dos(71451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
},
{
"name": "77382",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/77382"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4877",
"datePublished": "2012-02-03T20:00:00",
"dateReserved": "2011-12-21T00:00:00",
"dateUpdated": "2024-08-07T00:16:35.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4514
Vulnerability from cvelistv5
Published
2012-02-03 20:00
Modified
2024-09-17 03:27
Severity ?
EPSS score ?
Summary
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-02-03T20:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2011-4514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2011-4514",
"datePublished": "2012-02-03T20:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:33.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0675
Vulnerability from cvelistv5
Published
2013-03-21 15:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:33:05.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-21T15:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-0675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2013-0675",
"datePublished": "2013-03-21T15:00:00Z",
"dateReserved": "2012-12-19T00:00:00Z",
"dateUpdated": "2024-09-16T19:36:20.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3030
Vulnerability from cvelistv5
Published
2012-09-18 14:00
Modified
2024-09-16 20:27
Severity ?
EPSS score ?
Summary
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf | x_refsource_CONFIRM | |
| http://en.securitylab.ru/lab/PT-2012-43 | x_refsource_MISC | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2012-43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T14:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2012-43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://en.securitylab.ru/lab/PT-2012-43",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-43"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3030",
"datePublished": "2012-09-18T14:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:27:37.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-3028
Vulnerability from cvelistv5
Published
2012-09-18 14:00
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://en.securitylab.ru/lab/PT-2012-42 | x_refsource_MISC | |
| http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf | x_refsource_CONFIRM | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-18T14:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-42",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3028",
"datePublished": "2012-09-18T14:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:32:23.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1358
Vulnerability from cvelistv5
Published
2015-02-18 02:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf | x_refsource_CONFIRM | |
| https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/72625 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036090 | vdb-entry, x_refsource_SECTRACK | |
| http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
},
{
"name": "72625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72625"
},
{
"name": "1036090",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
},
{
"name": "72625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72625"
},
{
"name": "1036090",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
},
{
"name": "72625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72625"
},
{
"name": "1036090",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036090"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1358",
"datePublished": "2015-02-18T02:00:00",
"dateReserved": "2015-01-26T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12069
Vulnerability from cvelistv5
Published
2017-08-30 19:00
Modified
2024-08-05 18:28
Severity ?
EPSS score ?
Summary
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039510 | vdb-entry, x_refsource_SECTRACK | |
| https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100559 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:28:15.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"name": "1039510",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039510"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"name": "100559",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100559"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-05T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"name": "1039510",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039510"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"name": "100559",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100559"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf",
"refsource": "CONFIRM",
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"name": "1039510",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039510"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"name": "100559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100559"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12069",
"datePublished": "2017-08-30T19:00:00",
"dateReserved": "2017-07-31T00:00:00",
"dateUpdated": "2024-08-05T18:28:15.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4684
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4684",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:35.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4682
Vulnerability from cvelistv5
Published
2014-07-24 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:35.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-24T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4682",
"datePublished": "2014-07-24T14:00:00",
"dateReserved": "2014-06-28T00:00:00",
"dateUpdated": "2024-08-06T11:27:35.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201612-0420
Vulnerability from variot
A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components. Attackers can exploit this issue to obtain sensitive information or cause denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc sp3 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.03"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.02"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic wincc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mingzheng Li from Acorn Network Security Lab",
"sources": [
{
"db": "BID",
"id": "94825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9160",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97980",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9160",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9160",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-12696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SIEMENS SIMATIC WinCC (All versions \u003c SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions \u003c SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components. \nAttackers can exploit this issue to obtain sensitive information or cause denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "VULHUB",
"id": "VHN-97980"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9160",
"trust": 3.6
},
{
"db": "BID",
"id": "94825",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-348-04",
"trust": 2.2
},
{
"db": "SIEMENS",
"id": "SSA-693129",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037435",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-12696",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500",
"trust": 0.8
},
{
"db": "IVD",
"id": "F04157CB-EDF5-490C-9E17-39C08EA58FA8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97980",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"id": "VAR-201612-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
}
],
"trust": 1.5198014883333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
}
]
},
"last_update_date": "2023-12-18T12:29:52.975000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-693129",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf"
},
{
"title": "Patch for security bypass bugs in SIMATIC WinCC and SIMATIC PCS 7 ActiveX controls",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/86164"
},
{
"title": "SIMATIC WinCC and SIMATIC PCS 7 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94825"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-04"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037435"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9160"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9160"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-21T00:00:00",
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"date": "2016-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"date": "2016-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-97980"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94825"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"date": "2016-12-17T03:59:00.263000",
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"date": "2016-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"date": "2017-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-97980"
},
{
"date": "2016-12-20T01:09:00",
"db": "BID",
"id": "94825"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"date": "2017-07-27T01:29:06.773000",
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"date": "2016-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIEMENS SIMATIC WinCC and SIEMENS SIMATIC PCS 7 In ActiveX Vulnerability that can crash components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.6
}
}
var-201407-0602
Vulnerability from variot
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company's set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0602",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68876"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4682",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04662",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2da5658-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d801221-463f-11e9-a98b-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-72623",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4682",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04662",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-602",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72623",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company\u0027s set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-72623"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4682",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04662",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 1.1
},
{
"db": "BID",
"id": "68876",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DA5658-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "00716B3E-FF45-48A1-BC94-7CBFC25E11ED",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D801221-463F-11E9-A98B-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72623",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"id": "VAR-201407-0602",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
}
],
"trust": 1.9928966825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
}
]
},
"last_update_date": "2023-12-18T12:30:37.456000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47904"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4682"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4682"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68876"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72623"
},
{
"date": "2014-07-24T00:00:00",
"db": "BID",
"id": "68876"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-24T14:55:08.020000",
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72623"
},
{
"date": "2015-03-19T08:39:00",
"db": "BID",
"id": "68876"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"date": "2014-07-25T14:27:43.193000",
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information leakage",
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
}
],
"trust": 0.6
}
}
var-201202-0166
Vulnerability from variot
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server does not properly validate the HTTP request. The first byte in the URL is manipulated. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. The vulnerability stems from the failure of miniweb.exe in the HMI web server to correctly handle URLs starting with the 0xfa character
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2 update 1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11\\\\"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4879"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICS-CERT",
"sources": [
{
"db": "BID",
"id": "51836"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4879",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4879",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "28903b3e-2354-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52824",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4879",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-094",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52824",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52824"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server does not properly validate the HTTP request. The first byte in the URL is manipulated. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. \nA remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. The vulnerability stems from the failure of miniweb.exe in the HMI web server to correctly handle URLs starting with the 0xfa character",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52824"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52824",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52824"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4879",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77384",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0469",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18633",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "BID",
"id": "51836",
"trust": 0.3
},
{
"db": "IVD",
"id": "28903B3E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52824",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "VULHUB",
"id": "VHN-52824"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"id": "VAR-201202-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "VULHUB",
"id": "VHN-52824"
}
],
"trust": 1.494686884
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
}
]
},
"last_update_date": "2023-12-18T12:22:07.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Vulnerability (CNVD-2012-0469)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52824"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77384"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4879"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4879"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18633"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "VULHUB",
"id": "VHN-52824"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"db": "VULHUB",
"id": "VHN-52824"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52824"
},
{
"date": "2012-02-02T00:00:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"date": "2012-02-03T20:55:02.077000",
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0469"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52824"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001321"
},
{
"date": "2017-08-29T01:30:37.413000",
"db": "NVD",
"id": "CVE-2011-4879"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Vulnerability to read data from arbitrary memory locations on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001321"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "28903b3e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-094"
}
],
"trust": 0.8
}
}
var-201303-0261
Vulnerability from variot
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0679"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0679",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "090c28be-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-60681",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0679",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60681",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60681"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60681"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0679",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.0
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "090C28BE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60681",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60681"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"id": "VAR-201303-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60681"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:58.960000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60681"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0679"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0679"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60681"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60681"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-22T00:00:00",
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60681"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.613000",
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60681"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001991"
},
{
"date": "2013-03-22T14:25:30.613000",
"db": "NVD",
"id": "CVE-2013-0679"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC And PCS 7 Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "090c28be-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-447"
}
],
"trust": 0.8
}
}
var-201407-0604
Vulnerability from variot
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens' product database servers, which can be exploited by remote attackers to escalate privileges and perform unauthorized actions. SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the database server of versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0604",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68880"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4684",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-04663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "7d7feb11-463f-11e9-a766-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "2ce952e5-3809-407f-81cb-08454c69b74b",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-72625",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4684",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04663",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-604",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens\u0027 product database servers, which can be exploited by remote attackers to escalate privileges and perform unauthorized actions. SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the database server of versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "VULHUB",
"id": "VHN-72625"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4684",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04663",
"trust": 1.2
},
{
"db": "BID",
"id": "68880",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7FEB11-463F-11E9-A766-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2D4CC60-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2CE952E5-3809-407F-81CB-08454C69B74B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72625",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"id": "VAR-201407-0604",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
}
],
"trust": 1.9928966825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
}
]
},
"last_update_date": "2023-12-18T12:30:37.664000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Siemens product database server remote privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4684"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4684"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72625"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68880"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-24T14:55:08.097000",
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72625"
},
{
"date": "2014-10-08T06:59:00",
"db": "BID",
"id": "68880"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"date": "2014-07-25T14:42:45.647000",
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of Vulnerability that can be obtained privilege in the database server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
}
],
"trust": 0.6
}
}
var-201206-0072
Vulnerability from variot
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to 'XML injection' attacks.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-2596",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "c4c81518-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-55877",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2596",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55877",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to \u0027XML injection\u0027 attacks. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2596",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3212",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4C81518-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"id": "VAR-201206-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
}
],
"trust": 1.5935203766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
}
]
},
"last_update_date": "2023-12-18T12:38:49.236000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Vulnerability (CNVD-2012-3212)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18132"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2596"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2596"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55877"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T18:55:02.220000",
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55877"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"date": "2012-06-12T04:00:00",
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of Web Application XPath Vulnerability to read settings in function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.8
}
}
var-201303-0257
Vulnerability from variot
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet. A buffer overflow vulnerability exists in CCEServer in versions of Siemens WinCC prior to 7.2 used in SIMATIC PCS7. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0675"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-0675",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2013-02147",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "08df6392-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-60677",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0675",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02147",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60677",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60677"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet. A buffer overflow vulnerability exists in CCEServer in versions of Siemens WinCC prior to 7.2 used in SIMATIC PCS7. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60677"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0675",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.0
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-02147",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "08DF6392-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60677",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"id": "VAR-201303-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60677"
}
],
"trust": 2.09052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:58.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Patch for Siemens WinCC CCEServer Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33000"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60677"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0675"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0675"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60677"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.553000",
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60677"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001988"
},
{
"date": "2013-03-22T13:52:30.073000",
"db": "NVD",
"id": "CVE-2013-0675"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC CCEServer Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02147"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "08df6392-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-443"
}
],
"trust": 0.8
}
}
var-201209-0226
Vulnerability from variot
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3034",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3034",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56315",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-3034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3034",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20931",
"trust": 0.6
},
{
"db": "IVD",
"id": "5E11D08E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56315",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-3034",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"id": "VAR-201209-0226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
}
]
},
"last_update_date": "2023-12-18T12:58:16.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC ActiveX Control Account Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/22134"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.8,
"url": "http://en.securitylab.ru/lab/pt-2012-45"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3034"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3034"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20931"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26911"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-256-01"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56315"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T14:55:01.583000",
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56315"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"date": "2012-09-19T14:11:05.407000",
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC ActiveX Control Account Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
}
}
var-201202-0043
Vulnerability from variot
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. plural Siemens Product HMI Web The server Cookie There is a vulnerability that prevents authentication because it generates a predictable authentication token.Skillfully crafted by a third party Cookie Authentication may be bypassed. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Multiple Siemens SIMATIC products have security vulnerabilities, and the insecure generation of authentication tokens (session COOKIE guesses) allows an attacker to bypass authentication checks and increase privileges without a username and password. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11 sp2 update 1"
},
{
"model": "simatic wincc flexible",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2008 sp3"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4508"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "51177"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4508",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4508",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "28828750-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-52453",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4508",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-422",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52453"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. plural Siemens Product HMI Web The server Cookie There is a vulnerability that prevents authentication because it generates a predictable authentication token.Skillfully crafted by a third party Cookie Authentication may be bypassed. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Multiple Siemens SIMATIC products have security vulnerabilities, and the insecure generation of authentication tokens (session COOKIE guesses) allows an attacker to bypass authentication checks and increase privileges without a username and password. \nAn attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52453"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4508",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422",
"trust": 0.9
},
{
"db": "BID",
"id": "51177",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5448",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18390",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-356-01",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "28828750-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52453",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "VULHUB",
"id": "VHN-52453"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"id": "VAR-201202-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "VULHUB",
"id": "VHN-52453"
}
],
"trust": 1.5622348525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
}
]
},
"last_update_date": "2023-12-18T12:22:07.823000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5448)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72707"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52453"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4508"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4508"
},
{
"trust": 0.6,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51177"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18390"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "VULHUB",
"id": "VHN-52453"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"db": "VULHUB",
"id": "VHN-52453"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "28828750-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52453"
},
{
"date": "2011-12-22T00:00:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"date": "2012-02-03T20:55:01.250000",
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5448"
},
{
"date": "2012-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-52453"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001310"
},
{
"date": "2012-02-07T05:00:00",
"db": "NVD",
"id": "CVE-2011-4508"
},
{
"date": "2012-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Vulnerability that prevents authentication on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001310"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-422"
}
],
"trust": 0.6
}
}
var-201202-0049
Vulnerability from variot
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. plural Siemens Product TELNET Since the daemon does not authenticate, there is a vulnerability that allows easy access.By a third party TCP Access can easily be gained through a session. Siemens SIMATIC is an automation software in a single engineering environment. SIMATIC panels include the Telnet daemon by default, but the daemon does not implement any validation features. A vulnerability exists in several versions of Siemens SIMATIC WinCC due to the failure of the TELNET daemon to perform authentication. A remote attacker could use this vulnerability to gain access through a TCP session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4514"
}
]
},
"cve": "CVE-2011-4514",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4514",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4514",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-089",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52459",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. plural Siemens Product TELNET Since the daemon does not authenticate, there is a vulnerability that allows easy access.By a third party TCP Access can easily be gained through a session. Siemens SIMATIC is an automation software in a single engineering environment. SIMATIC panels include the Telnet daemon by default, but the daemon does not implement any validation features. A vulnerability exists in several versions of Siemens SIMATIC WinCC due to the failure of the TELNET daemon to perform authentication. A remote attacker could use this vulnerability to gain access through a TCP session",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52459"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4514",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0464",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316",
"trust": 0.8
},
{
"db": "IVD",
"id": "28D0CA64-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52459",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "VULHUB",
"id": "VHN-52459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"id": "VAR-201202-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "VULHUB",
"id": "VHN-52459"
}
],
"trust": 1.494686884
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
}
]
},
"last_update_date": "2023-12-18T12:22:07.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Telnet Vulnerability (CNVD-2012-0464)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9062"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4514"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4514"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "VULHUB",
"id": "VHN-52459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"db": "VULHUB",
"id": "VHN-52459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28d0ca64-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52459"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"date": "2012-02-03T20:55:01.577000",
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0464"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52459"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001316"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4514"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product TELNET Access vulnerability in daemon",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001316"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-089"
}
],
"trust": 0.6
}
}
var-201209-0223
Vulnerability from variot
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC WinCC WebNavigator component incorrectly handles input, allowing an attacker to read system files using a directory traversal sequence. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3030",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-56311",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3030",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56311",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC WinCC WebNavigator component incorrectly handles input, allowing an attacker to read system files using a directory traversal sequence. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3030",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5083",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20932",
"trust": 0.6
},
{
"db": "IVD",
"id": "5DD6AF86-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"id": "VAR-201209-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
}
]
},
"last_update_date": "2023-12-18T12:58:16.139000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC arbitrary file read vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/22131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-43"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3030"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3030"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20932"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56311"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T14:55:01.443000",
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"date": "2012-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-56311"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"date": "2012-12-20T05:00:00",
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Arbitrary File Read Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
}
}
var-201808-0743
Vulnerability from variot
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0743",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic step 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "710"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "711"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "712"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "713"
},
{
"model": "simatic step sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "714.*\u003c146"
},
{
"model": "simatic step update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "715.*\u003c152"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "10"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "11"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "12"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "wincc sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.*\u003c146"
},
{
"model": "wincc update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "15.*\u003c152"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic step 7 tia portal",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v15"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v11"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "15.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "15.0"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11453"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni from Nozomi Networks.",
"sources": [
{
"db": "BID",
"id": "105115"
}
],
"trust": 0.3
},
"cve": "CVE-2018-11453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-11453",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-19601",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-121314",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11453",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11453",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-19601",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-241",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121314",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "VULHUB",
"id": "VHN-121314"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. \nA local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121314"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11453",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-979106",
"trust": 2.3
},
{
"db": "BID",
"id": "105115",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-226-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FC57CF-39AB-11E9-B215-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121314",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "VULHUB",
"id": "VHN-121314"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"id": "VAR-201808-0743",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "VULHUB",
"id": "VHN-121314"
}
],
"trust": 1.6596514042857142
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
}
]
},
"last_update_date": "2023-12-18T12:43:53.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-979106",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"title": "Patch for Siemens SIMATIC STEP 7 and WinCC Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/140877"
},
{
"title": "Siemens SIMATIC STEP 7 and WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83960"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121314"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105115"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-226-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11453"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11453"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "VULHUB",
"id": "VHN-121314"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"db": "VULHUB",
"id": "VHN-121314"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "IVD",
"id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-121314"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"date": "2018-08-07T15:29:00.247000",
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"date": "2018-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19601"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-121314"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009209"
},
{
"date": "2019-10-09T23:33:32.137000",
"db": "NVD",
"id": "CVE-2018-11453"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105115"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009209"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-241"
}
],
"trust": 0.6
}
}
var-201306-0314
Vulnerability from variot
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. By operating the database, remote attackers can exploit this vulnerability to enhance their permissions. Depending on the system configuration, it is possible to obtain full system access rights and execute. Any SQL command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 update 1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "78.x"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3957"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Tlyapov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "60558"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3957",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3957",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07609",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-63959",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3957",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-07609",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-247",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63959",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "VULHUB",
"id": "VHN-63959"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. By operating the database, remote attackers can exploit this vulnerability to enhance their permissions. Depending on the system configuration, it is possible to obtain full system access rights and execute. Any SQL command",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "BID",
"id": "60558"
},
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-63959"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3957",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-345843",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "53805",
"trust": 1.2
},
{
"db": "BID",
"id": "60558",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2013-07609",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982",
"trust": 0.8
},
{
"db": "IVD",
"id": "E6A420B0-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-63959",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "VULHUB",
"id": "VHN-63959"
},
{
"db": "BID",
"id": "60558"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"id": "VAR-201306-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "VULHUB",
"id": "VHN-63959"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
}
]
},
"last_update_date": "2023-12-18T13:09:31.214000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345843: Vulnerabilites in WinCC 7.2",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC/PCS 7 SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63959"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3957"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3957"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "VULHUB",
"id": "VHN-63959"
},
{
"db": "BID",
"id": "60558"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"db": "VULHUB",
"id": "VHN-63959"
},
{
"db": "BID",
"id": "60558"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"date": "2013-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-63959"
},
{
"date": "2013-06-14T00:00:00",
"db": "BID",
"id": "60558"
},
{
"date": "2013-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"date": "2013-06-14T19:55:01.233000",
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07609"
},
{
"date": "2013-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-63959"
},
{
"date": "2015-03-19T08:17:00",
"db": "BID",
"id": "60558"
},
{
"date": "2013-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002982"
},
{
"date": "2013-06-17T04:00:00",
"db": "NVD",
"id": "CVE-2013-3957"
},
{
"date": "2013-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC PCS 7 Used in Siemens WinCC of Web Navigator In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002982"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "e6a420b0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-247"
}
],
"trust": 0.8
}
}
var-201209-0225
Vulnerability from variot
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3032",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-56313",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3032",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-295",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-56313",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3032",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20935",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "IVD",
"id": "5E1894B4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"id": "VAR-201209-0225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
}
]
},
"last_update_date": "2023-12-18T12:58:16.245000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC SOAP SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/22133"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-44"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3032"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3032"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20935"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56313"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T14:55:01.537000",
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56313"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"date": "2012-09-19T14:03:28.030000",
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of WebNavigator In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.8
}
}
var-201202-0044
Vulnerability from variot
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \"Administrator: 100\", and the password \"100\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \"100\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "51177"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4509",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2875d28a-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52454",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4509",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-423",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52454",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \\\"Administrator: 100\\\", and the password \\\"100\\\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \\\"100\\\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. \nAn attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52454"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4509",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423",
"trust": 0.9
},
{
"db": "BID",
"id": "51177",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5449",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18390",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-356-01",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "2875D28A-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52454",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"id": "VAR-201202-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
}
],
"trust": 1.5622348525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
}
]
},
"last_update_date": "2023-12-18T12:22:07.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5449)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4509"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4509"
},
{
"trust": 0.6,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51177"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18390"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52454"
},
{
"date": "2011-12-22T00:00:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"date": "2012-02-03T20:55:01.297000",
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52454"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Vulnerability to gain access rights on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.6
}
}
var-201202-0164
Vulnerability from variot
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad provides functions that read data and unicode strings with stack-based buffer overflows, allowing an attacker to exploit a vulnerability to execute arbitrary code. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Since the incoming data is not fully verified, there are multiple denial of service attacks that can crash the program. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 3.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4877"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50828"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4877",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4877",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52822",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4877",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52822"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad provides functions that read data and unicode strings with stack-based buffer overflows, allowing an attacker to exploit a vulnerability to execute arbitrary code. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Since the incoming data is not fully verified, there are multiple denial of service attacks that can crash the program. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. \nAttackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52822"
}
],
"trust": 5.4
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52822",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52822"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50828",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2011-4877",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77382",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0467",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5108",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5110",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5103",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5107",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5105",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "28B0BC2E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52822",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52822"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"id": "VAR-201202-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52822"
}
],
"trust": 4.553665231428571
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.8
}
],
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
}
]
},
"last_update_date": "2023-12-18T12:22:07.932000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 file download vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72694"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 memory access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72697"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72705"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 service crash vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72689"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Denial of Service Attack Vulnerability (CNVD-2012-0467)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9073"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52822"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77382"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4877"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4877"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50828"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52822"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52822"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52822"
},
{
"date": "2011-11-28T00:00:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"date": "2012-02-03T20:55:01.983000",
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0467"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52822"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001319"
},
{
"date": "2017-08-29T01:30:37.270000",
"db": "NVD",
"id": "CVE-2011-4877"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HmiLoad Service disruption in ( Application crash ) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001319"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "28b0bc2e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-092"
}
],
"trust": 0.8
}
}
var-201303-0260
Vulnerability from variot
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0260",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0678"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0678",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0678",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-60680",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0678",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-446",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60680",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60680"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60680"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0678",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.0
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "0911AD8E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60680",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60680"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"id": "VAR-201303-0260",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60680"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:59.007000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60680"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0678"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0678"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60680"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60680"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-22T00:00:00",
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60680"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.600000",
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60680"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001990"
},
{
"date": "2013-03-22T04:00:00",
"db": "NVD",
"id": "CVE-2013-0678"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC And PCS 7 Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "0911ad8e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-446"
}
],
"trust": 0.8
}
}
var-201202-0045
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. plural Siemens Product HMI Web The server contains a cross-site scripting vulnerability. This vulnerability CVE-2011-4511 Is a different vulnerability.By any third party Web Script or HTML May be inserted. Siemens SIMATIC is an automation software in a single engineering environment. The SIMATIC HMI Smart Options web server has two separate cross-site scripting attacks that allow elevation of privilege, stealing data or corrupting services. SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11 sp2 update 1"
},
{
"model": "simatic wincc flexible",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2008 sp3"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic hmi smart options",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4510"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Terry McCorkle, Shawn Merdinger, and Luigi Auriemma.",
"sources": [
{
"db": "BID",
"id": "51835"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4510",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4510",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "28691284-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52455",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4510",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52455",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52455"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511. plural Siemens Product HMI Web The server contains a cross-site scripting vulnerability. This vulnerability CVE-2011-4511 Is a different vulnerability.By any third party Web Script or HTML May be inserted. Siemens SIMATIC is an automation software in a single engineering environment. The SIMATIC HMI Smart Options web server has two separate cross-site scripting attacks that allow elevation of privilege, stealing data or corrupting services. SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52455"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4510",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19403",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "BID",
"id": "51835",
"trust": 0.3
},
{
"db": "IVD",
"id": "28691284-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52455",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "VULHUB",
"id": "VHN-52455"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"id": "VAR-201202-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "VULHUB",
"id": "VHN-52455"
}
],
"trust": 1.5066835200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
}
]
},
"last_update_date": "2023-12-18T12:22:07.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Cross-Site Scripting Vulnerability (CNVD-2012-0460)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9058"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52455"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4510"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4510"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19403"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/automation/en/human-machine-interface/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "VULHUB",
"id": "VHN-52455"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"db": "VULHUB",
"id": "VHN-52455"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28691284-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52455"
},
{
"date": "2012-01-30T00:00:00",
"db": "BID",
"id": "51835"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"date": "2012-02-03T20:55:01.343000",
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0460"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52455"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51835"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001312"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4510"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Server cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001312"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-085"
}
],
"trust": 0.6
}
}
var-201206-0073
Vulnerability from variot
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. WinCC flexible is a human-machine interface for use in some machine or process applications. An attacker can exploit the vulnerability to read arbitrary files. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-2597",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-55878",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2597",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. WinCC flexible is a human-machine interface for use in some machine or process applications. An attacker can exploit the vulnerability to read arbitrary files. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2597",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3213",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4C1D040-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"id": "VAR-201206-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
}
],
"trust": 1.5935203766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
}
]
},
"last_update_date": "2023-12-18T12:38:49.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for the Siemens WinCC Directory Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18133"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2597"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2597"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55878"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T18:55:02.267000",
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55878"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"date": "2012-06-12T04:00:00",
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.8
}
}
var-201202-0163
Vulnerability from variot
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. plural Siemens Product runtime loader HmiLoad Is Transfer A directory traversal vulnerability exists when the mode is enabled.By a third party .. ( Dot dot ) Arbitrary files may be executed, read, created, modified, or deleted via strings containing. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad provides functions that read data and unicode strings with stack-based buffer overflows, allowing an attacker to exploit a vulnerability to execute arbitrary code. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port, but does not verify the submitted string, allowing the attacker to read and write any file in the file system. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible. (dots) in strings. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Siemens SIMATIC WinCC Flexible HMI Miniweb Two Vulnerabilities
SECUNIA ADVISORY ID: SA46997
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46997
RELEASE DATE: 2011-11-30
DISCUSS ADVISORY: http://secunia.com/advisories/46997/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46997/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46997
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
1) An input sanitisation error in Miniweb.exe when handling HTTP GET requests can be exploited to download arbitrary files via directory traversal attacks sent in a web request.
2) An input validation error in Miniweb.exe when handling HTTP POST requests can be exploited to crash the process via specially crafted content sent in a web request.
The vulnerabilities are confirmed in version 2008 SP2 Upd13 (K01.03.02.13_01.02.00.01). Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/winccflex_1-adv.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 3.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50828"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4876",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4876",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "28b71d12-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-52821",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4876",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-091",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52821",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. plural Siemens Product runtime loader HmiLoad Is Transfer A directory traversal vulnerability exists when the mode is enabled.By a third party .. ( Dot dot ) Arbitrary files may be executed, read, created, modified, or deleted via strings containing. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad provides functions that read data and unicode strings with stack-based buffer overflows, allowing an attacker to exploit a vulnerability to execute arbitrary code. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port, but does not verify the submitted string, allowing the attacker to read and write any file in the file system. \nAttackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible. (dots) in strings. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Flexible HMI Miniweb Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46997\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46997/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46997\n\nRELEASE DATE:\n2011-11-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46997/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46997/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46997\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nLuigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC\nWinCC Flexible, which can be exploited by malicious people to\ndisclose potentially sensitive information and cause a DoS (Denial of\nService). \n\n1) An input sanitisation error in Miniweb.exe when handling HTTP GET\nrequests can be exploited to download arbitrary files via directory\ntraversal attacks sent in a web request. \n\n2) An input validation error in Miniweb.exe when handling HTTP POST\nrequests can be exploited to crash the process via specially crafted\ncontent sent in a web request. \n\nThe vulnerabilities are confirmed in version 2008 SP2 Upd13\n(K01.03.02.13_01.02.00.01). Other versions may also be affected. \n\nSOLUTION:\nRestrict access to trusted hosts only. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/winccflex_1-adv.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "PACKETSTORM",
"id": "107419"
}
],
"trust": 5.49
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52821",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52821"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50828",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2011-4876",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "46997",
"trust": 1.2
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77381",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0466",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5108",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5110",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5103",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5107",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2011-5105",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "28B71D12-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "107419",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "PACKETSTORM",
"id": "107419"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"id": "VAR-201202-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "VULHUB",
"id": "VHN-52821"
}
],
"trust": 4.553665231428571
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 3.8
}
],
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
}
]
},
"last_update_date": "2023-12-18T12:22:07.865000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 file download vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72694"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 memory access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72697"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72705"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 service crash vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72689"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Directory Traversal Vulnerability (CNVD-2012-0466)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9072"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77381"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/46997"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4876"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4876"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50828"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46997/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46997"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46997/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "PACKETSTORM",
"id": "107419"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"db": "VULHUB",
"id": "VHN-52821"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"db": "PACKETSTORM",
"id": "107419"
},
{
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52821"
},
{
"date": "2011-11-28T00:00:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"date": "2011-11-30T03:40:12",
"db": "PACKETSTORM",
"id": "107419"
},
{
"date": "2012-02-03T20:55:01.937000",
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0466"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52821"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001318"
},
{
"date": "2017-08-29T01:30:37.210000",
"db": "NVD",
"id": "CVE-2011-4876"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HmiLoad Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "28b71d12-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-091"
}
],
"trust": 0.8
}
}
var-201303-0256
Vulnerability from variot
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": "simatic wincc siemens simatic pcs sp1",
"scope": "lt",
"trust": 0.2,
"vendor": "siemens",
"version": "7.27\u003c8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0674"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0674",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0674",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-02143",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-60676",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0674",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-442",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60676",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60676"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60676"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0674",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.0
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02143",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "CB5589EC-1F2F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "08E4D3E0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60676",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60676"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"id": "VAR-201303-0256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60676"
}
],
"trust": 2.29052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:58.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Patch for the Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/32993"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60676"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0674"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0674"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60676"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60676"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60676"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.533000",
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60676"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001987"
},
{
"date": "2013-03-22T13:49:57.633000",
"db": "NVD",
"id": "CVE-2013-0674"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02143"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "cb5589ec-1f2f-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "08e4d3e0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-442"
}
],
"trust": 1.0
}
}
var-201206-0115
Vulnerability from variot
Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a security hole in implementation. An attacker could exploit a vulnerability to redirect a user to a malicious site. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3003",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56284",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3003",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-088",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56284",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a security hole in implementation. An attacker could exploit a vulnerability to redirect a user to a malicious site. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3003",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3215",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4A98DE6-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"id": "VAR-201206-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
}
],
"trust": 1.5935203766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
}
]
},
"last_update_date": "2023-12-18T12:38:49.138000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Vulnerability (CNVD-2012-3215)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18135"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3003"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3003"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-56284"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T18:55:02.347000",
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-56284"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"date": "2012-06-12T04:00:00",
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of Web Application open redirect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.8
}
}
var-201308-0267
Vulnerability from variot
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a remote URL-redirection vulnerability. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Siemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "11"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "12 sp1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "11.0"
},
{
"model": "simatic wincc tia portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "12.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "12.0"
}
],
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4912"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Timur Yunusov and Sergey Bobrov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "61535"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-4912",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-11281",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-64914",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4912",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-11281",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-680",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64914",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "VULHUB",
"id": "VHN-64914"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a remote URL-redirection vulnerability. \nAn attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. \nSiemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "BID",
"id": "61535"
},
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-64914"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4912",
"trust": 3.7
},
{
"db": "BID",
"id": "61535",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-064884",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-13-213-02",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "54051",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "54252",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-11281",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627",
"trust": 0.8
},
{
"db": "IVD",
"id": "CE6AFF78-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-64914",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122647",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "VULHUB",
"id": "VHN-64914"
},
{
"db": "BID",
"id": "61535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"id": "VAR-201308-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "VULHUB",
"id": "VHN-64914"
}
],
"trust": 1.4840432433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
}
]
},
"last_update_date": "2023-12-18T12:38:31.363000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-064884",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC TIA Portal URL Redirection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/37987"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64914"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-13-213-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61535"
},
{
"trust": 1.1,
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54051"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54252"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4912"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4912"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/54051/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4912"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "VULHUB",
"id": "VHN-64914"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"db": "VULHUB",
"id": "VHN-64914"
},
{
"db": "BID",
"id": "61535"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-05T00:00:00",
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"date": "2013-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-64914"
},
{
"date": "2013-07-31T00:00:00",
"db": "BID",
"id": "61535"
},
{
"date": "2013-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"date": "2013-08-02T03:07:16",
"db": "PACKETSTORM",
"id": "122647"
},
{
"date": "2013-08-01T13:32:26.127000",
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"date": "2013-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11281"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-64914"
},
{
"date": "2013-08-01T17:55:00",
"db": "BID",
"id": "61535"
},
{
"date": "2013-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003627"
},
{
"date": "2017-08-29T01:33:41.247000",
"db": "NVD",
"id": "CVE-2013-4912"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC TIA Portal URL Redirection Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11281"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "ce6aff78-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-680"
}
],
"trust": 0.8
}
}
var-201504-0235
Vulnerability from variot
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi mobile panel 277",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 upd4"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi multi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi basic panels 1st generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panel",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "277"
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74040"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2823",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2823",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80784",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2823",
"trust": 3.9
},
{
"db": "BID",
"id": "74040",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02291",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126",
"trust": 0.8
},
{
"db": "IVD",
"id": "344280CB-0461-40FA-A3C6-537FF0CE4AFF",
"trust": 0.2
},
{
"db": "IVD",
"id": "9844DE6A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80784",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01E",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"id": "VAR-201504-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
}
],
"trust": 1.79651604125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
}
]
},
"last_update_date": "2023-12-18T12:07:29.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels verify patches for bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57127"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2823"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74040"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2823"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2015-04-08T16:59:01.270000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-11-03T19:21:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2016-11-28T19:21:58.403000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC HMI Products and SIMATIC WinCC Vulnerabilities that complete authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
}
}
var-201202-0047
Vulnerability from variot
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. plural Siemens Product HMI Web The server CRLF An injection vulnerability exists.By any third party HTTP Inserted header, and HTTP Response splitting attacks can be triggered. Siemens SIMATIC is an automation software in a single engineering environment. The HMI web server has a header injection vulnerability that allows elevation of privilege, stealing data or breaking services. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11 sp2 update 1"
},
{
"model": "simatic wincc flexible",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2008 sp3"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICS-CERT",
"sources": [
{
"db": "BID",
"id": "51836"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4512",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "289d30d2-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-52457",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4512",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52457",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. plural Siemens Product HMI Web The server CRLF An injection vulnerability exists.By any third party HTTP Inserted header, and HTTP Response splitting attacks can be triggered. Siemens SIMATIC is an automation software in a single engineering environment. The HMI web server has a header injection vulnerability that allows elevation of privilege, stealing data or breaking services. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. \nA remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52457"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4512",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2012-0462",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18633",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "BID",
"id": "51836",
"trust": 0.3
},
{
"db": "IVD",
"id": "289D30D2-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52457",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "VULHUB",
"id": "VHN-52457"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"id": "VAR-201202-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "VULHUB",
"id": "VHN-52457"
}
],
"trust": 1.494686884
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
}
]
},
"last_update_date": "2023-12-18T12:22:07.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Header Injection Vulnerability (CNVD-2012-0462)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9060"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4512"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4512"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18633"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "VULHUB",
"id": "VHN-52457"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"db": "VULHUB",
"id": "VHN-52457"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52457"
},
{
"date": "2012-02-02T00:00:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"date": "2012-02-03T20:55:01.453000",
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0462"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52457"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001314"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4512"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "51836"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "289d30d2-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-087"
}
],
"trust": 0.8
}
}
var-201808-0744
Vulnerability from variot
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0744",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic step 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "710"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "711"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "712"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "713"
},
{
"model": "simatic step sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "714.*\u003c146"
},
{
"model": "simatic step update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "715.*\u003c152"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "10"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "11"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "12"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "wincc sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.*\u003c146"
},
{
"model": "wincc update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "15.*\u003c152"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic step 7 tia portal",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v15"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v11"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "15.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "15.0"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11454"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni from Nozomi Networks.",
"sources": [
{
"db": "BID",
"id": "105115"
}
],
"trust": 0.3
},
"cve": "CVE-2018-11454",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-11454",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-19602",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-121315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11454",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11454",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-19602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-240",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121315",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. \nA local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121315"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11454",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-979106",
"trust": 2.3
},
{
"db": "BID",
"id": "105115",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-226-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19602",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FC30C0-39AB-11E9-8AE0-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121315",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"id": "VAR-201808-0744",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
}
],
"trust": 1.6596514042857142
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
}
]
},
"last_update_date": "2023-12-18T12:43:53.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-979106",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"title": "Patch for Siemens SIMATIC STEP 7 and WinCC Rights Management Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/140875"
},
{
"title": "Siemens SIMATIC STEP 7 and WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83959"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105115"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-226-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11454"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11454"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-121315"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"date": "2018-08-07T15:29:00.373000",
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"date": "2018-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-121315"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"date": "2019-10-09T23:33:32.290000",
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105115"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
],
"trust": 0.6
}
}
var-201303-0259
Vulnerability from variot
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0677",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "09175612-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-60679",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0677",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60679",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-0677",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "VULMON",
"id": "CVE-2013-0677"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0677",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.9
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.1
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "09175612-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60679",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-0677",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"id": "VAR-201303-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60679"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:59.053000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.1,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0677"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0677"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=28666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-13-079-02"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60679"
},
{
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-22T00:00:00",
"db": "IVD",
"id": "09175612-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60679"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.583000",
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60679"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULMON",
"id": "CVE-2013-0677"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001989"
},
{
"date": "2013-03-22T14:11:21.193000",
"db": "NVD",
"id": "CVE-2013-0677"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC And PCS 7 Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-445"
}
],
"trust": 0.6
}
}
var-201209-0224
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Siemens SIMATIC PCS7 And used in other products Siemens WinCC of WebNavigator Contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. (1) GET Parameters (2) POST Parameters (3) Referer HTTP header. A cross-site request forgery vulnerability exists in Siemens SIMATIC WinCC that allows an attacker to build a malicious web page, trick the user into parsing, and perform malicious actions in the target user context. Siemens SIMATIC is an automation software in a single engineering environment. Part of the input passed to the WebNavigator component lacks filtering before returning to the user, and can be exploited for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pavel Toporkov,Denis Baranov Sergey Bobrov, Artem Chaykin,Timur Yunusov from Positive Technologies, Vladimir Kochetkov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-3031",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-5088",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-56312",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3031",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56312",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Siemens SIMATIC PCS7 And used in other products Siemens WinCC of WebNavigator Contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. (1) GET Parameters (2) POST Parameters (3) Referer HTTP header. A cross-site request forgery vulnerability exists in Siemens SIMATIC WinCC that allows an attacker to build a malicious web page, trick the user into parsing, and perform malicious actions in the target user context. Siemens SIMATIC is an automation software in a single engineering environment. Part of the input passed to the WebNavigator component lacks filtering before returning to the user, and can be exploited for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3031",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5084",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47149",
"trust": 0.6
},
{
"db": "BID",
"id": "55492",
"trust": 0.3
},
{
"db": "IVD",
"id": "5DD0E308-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56312",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"id": "VAR-201209-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
}
],
"trust": 2.09052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
}
]
},
"last_update_date": "2023-12-18T12:58:16.194000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/80787"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/22132"
},
{
"title": "WinCC_V70_SP3_Upd4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.3,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.1,
"url": "http://en.securitylab.ru/lab/pt-2012-42"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3031"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3031"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47149"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56312"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T14:55:01.490000",
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56312"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"date": "2012-09-19T04:00:00",
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
}
}
var-201209-0222
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. (DoS) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "55493"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-3028",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-5088",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56309",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-3028",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-303",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56309",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. (DoS) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3028",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "BID",
"id": "55493",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20652",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20933",
"trust": 0.6
},
{
"db": "IVD",
"id": "5DDC3EC4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"id": "VAR-201209-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
}
]
},
"last_update_date": "2023-12-18T12:58:16.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/80787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 2.2,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-42"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3028"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3028"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50581"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55493"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20933"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20652"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56309"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55493"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T14:55:01.397000",
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56309"
},
{
"date": "2015-03-19T09:33:00",
"db": "BID",
"id": "55493"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"date": "2012-09-19T04:00:00",
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.6
}
}
var-201303-0258
Vulnerability from variot
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201303-0258",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0676"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"cve": "CVE-2013-0676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-0676",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-02175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "09019714-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-60678",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-0676",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201303-444",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-60678",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60678"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC 7.2, Siemens SIMATIC PCS 7 8.0 SP1 versions have information disclosure, directory traversal, buffer overflow security vulnerabilities, which can be exploited by attackers to obtain sensitive information, any system files, and execute arbitrary applications in the context of applications using ActiveX controls. Code. Multiple information-disclosure vulnerabilities\n2. A directory-traversal vulnerability\n3. Failed exploit attempts will result in a denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-60678"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0676",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-13-079-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-714398",
"trust": 2.0
},
{
"db": "BID",
"id": "58545",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-02175",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363",
"trust": 0.6
},
{
"db": "IVD",
"id": "09019714-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-60678",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120899",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60678"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"id": "VAR-201303-0258",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60678"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
}
]
},
"last_update_date": "2023-12-18T12:30:59.106000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/33002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-60678"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/58545"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0676"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0676"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0675"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60678"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"db": "VULHUB",
"id": "VHN-60678"
},
{
"db": "BID",
"id": "58545"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-22T00:00:00",
"db": "IVD",
"id": "09019714-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-60678"
},
{
"date": "2013-03-15T00:00:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"date": "2013-03-21T15:07:17",
"db": "PACKETSTORM",
"id": "120899"
},
{
"date": "2013-03-21T15:55:01.567000",
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-02175"
},
{
"date": "2013-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-60678"
},
{
"date": "2013-04-02T15:37:00",
"db": "BID",
"id": "58545"
},
{
"date": "2013-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-005228"
},
{
"date": "2013-03-22T13:55:16.407000",
"db": "NVD",
"id": "CVE-2013-0676"
},
{
"date": "2013-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"date": "2013-03-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120899"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC And PCS 7 Multiple Security Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "58545"
},
{
"db": "CNNVD",
"id": "CNNVD-201303-363"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201303-444"
}
],
"trust": 0.6
}
}
var-201202-0165
Vulnerability from variot
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. plural Siemens Product HMI Web Server miniweb.exe Contains a directory traversal vulnerability.By a third party ..%5c ( Dot dot backslash ) including URI Any file may be read via. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server listening on TCP ports 80 and 443 does not correctly verify the URL in the HTTP request, and builds a URL containing a specially crafted slash to perform a directory traversal attack and read any file in the file system. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. A remote attacker can exploit this vulnerability to read arbitrary files by means of ../ (dotted backslashes) in the URL
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2 update 1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11\\\\"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4878"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICS-CERT",
"sources": [
{
"db": "BID",
"id": "51836"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4878",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2848847e-2354-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52823",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4878",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52823",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. plural Siemens Product HMI Web Server miniweb.exe Contains a directory traversal vulnerability.By a third party ..%5c ( Dot dot backslash ) including URI Any file may be read via. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server listening on TCP ports 80 and 443 does not correctly verify the URL in the HTTP request, and builds a URL containing a specially crafted slash to perform a directory traversal attack and read any file in the file system. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. \nA remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. A remote attacker can exploit this vulnerability to read arbitrary files by means of ../ (dotted backslashes) in the URL",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52823"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52823",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52823"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4878",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77383",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0468",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18633",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "BID",
"id": "51836",
"trust": 0.3
},
{
"db": "IVD",
"id": "2848847E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"id": "VAR-201202-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
}
],
"trust": 1.494686884
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
}
]
},
"last_update_date": "2023-12-18T12:22:07.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Directory Traversal Vulnerability (CNVD-2012-0468)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9074"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77383"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4878"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4878"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18633"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52823"
},
{
"date": "2012-02-02T00:00:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"date": "2012-02-03T20:55:02.030000",
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52823"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"date": "2017-08-29T01:30:37.350000",
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Server traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.8
}
}
var-201407-0606
Vulnerability from variot
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0606",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68875"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4686",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4686",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04643",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ea209009-7fdb-4811-b130-403cdc16f255",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "7d720861-463f-11e9-a37c-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-72627",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4686",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04643",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-606",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-72627"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4686",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04643",
"trust": 1.2
},
{
"db": "BID",
"id": "68875",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "EA209009-7FDB-4811-B130-403CDC16F255",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D720861-463F-11E9-A37C-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2CE69A6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130406",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72627",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"id": "VAR-201407-0606",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
}
],
"trust": 1.958282974
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
}
]
},
"last_update_date": "2023-12-18T12:30:37.507000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC and PCS7 Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47905"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4686"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4686"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68875"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72627"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68875"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"date": "2015-02-16T17:36:59",
"db": "PACKETSTORM",
"id": "130406"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-24T14:55:08.190000",
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72627"
},
{
"date": "2015-03-19T09:08:00",
"db": "BID",
"id": "68875"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"date": "2014-07-25T14:59:40.003000",
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerabilities in which important information is obtained in project management applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Encryption issues",
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 0.6
}
}
var-201206-0074
Vulnerability from variot
Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a buffer overflow vulnerability in implementation. An attacker could exploit the vulnerability to cause a denial of service. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 to update 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_2:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-2598",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-55879",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2598",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55879",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a buffer overflow vulnerability in implementation. An attacker could exploit the vulnerability to cause a denial of service. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2598",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3214",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4B582FE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55879",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"id": "VAR-201206-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
}
],
"trust": 1.5935203766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
}
]
},
"last_update_date": "2023-12-18T12:38:49.331000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18134"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2598"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2598"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49359"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55879"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T18:55:02.317000",
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55879"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"date": "2012-06-12T04:00:00",
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.8
}
}
var-201306-0316
Vulnerability from variot
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC And PCS 7 are prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid brute-force password cracking or other attacks. There is a vulnerability in the Web Navigator in Siemens WinCC 7.2 Update 1 and earlier versions used in SIMATIC PCS7 8.0 SP1 and earlier versions and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 update 1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "78.x"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Tlyapov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "60559"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3959",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2013-07608",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-63961",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3959",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-07608",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-249",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63961",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "VULHUB",
"id": "VHN-63961"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Siemens SIMATIC WinCC And PCS 7 are prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. \nAttackers may exploit this weakness to discern valid usernames. This may aid brute-force password cracking or other attacks. There is a vulnerability in the Web Navigator in Siemens WinCC 7.2 Update 1 and earlier versions used in SIMATIC PCS7 8.0 SP1 and earlier versions and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "BID",
"id": "60559"
},
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-63961"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3959",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-345843",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "53805",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-13-169-02",
"trust": 1.1
},
{
"db": "BID",
"id": "60559",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-07608",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984",
"trust": 0.8
},
{
"db": "IVD",
"id": "E694E1EA-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-63961",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "VULHUB",
"id": "VHN-63961"
},
{
"db": "BID",
"id": "60559"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"id": "VAR-201306-0316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "VULHUB",
"id": "VHN-63961"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
}
]
},
"last_update_date": "2023-12-18T13:09:31.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345843: Vulnerabilites in WinCC 7.2",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"title": "Siemens SIMATIC WinCC/PCS 7 User Name Enumeration Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34668"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63961"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-13-169-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3959"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3959"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "VULHUB",
"id": "VHN-63961"
},
{
"db": "BID",
"id": "60559"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"db": "VULHUB",
"id": "VHN-63961"
},
{
"db": "BID",
"id": "60559"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"date": "2013-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-63961"
},
{
"date": "2013-06-14T00:00:00",
"db": "BID",
"id": "60559"
},
{
"date": "2013-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"date": "2013-06-14T19:55:01.270000",
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07608"
},
{
"date": "2013-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-63961"
},
{
"date": "2015-03-19T09:11:00",
"db": "BID",
"id": "60559"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002984"
},
{
"date": "2013-06-17T04:00:00",
"db": "NVD",
"id": "CVE-2013-3959"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC/PCS 7 User Name Enumeration Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e694e1ea-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-249"
}
],
"trust": 0.6
}
}
var-201504-0234
Vulnerability from variot
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "runtime advanced 13 sp1 upd2"
},
{
"model": "simatic hmi comfort panels before wincc sp1 upd2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced sp1 upd2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74028"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-2822",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02292",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "984ee090-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80783",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2822",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02292",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-096",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80783",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. \nRemote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "VULHUB",
"id": "VHN-80783"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2822",
"trust": 3.8
},
{
"db": "BID",
"id": "74028",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02292",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125",
"trust": 0.8
},
{
"db": "IVD",
"id": "984EE090-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "CDA955ED-285A-41F6-A455-3A71C5E4729A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80783",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"id": "VAR-201504-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
}
],
"trust": 1.662152946
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
}
]
},
"last_update_date": "2023-12-18T12:07:29.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Patch for Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2822"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74028"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2822"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80783"
},
{
"date": "2015-04-09T00:00:00",
"db": "BID",
"id": "74028"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"date": "2015-04-08T16:59:00.067000",
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80783"
},
{
"date": "2015-10-26T16:22:00",
"db": "BID",
"id": "74028"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"date": "2016-11-28T19:21:57.340000",
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
],
"trust": 1.0
}
}
var-201407-0603
Vulnerability from variot
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens SIMATIC WinCC And PCS7 that can be exploited by remote attackers to gain elevated privileges on affected devices. Siemens SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. There is a security hole in the WebNavigator server used by Siemens SIMATIC WinCC versions prior to 7.3 for PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0603",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68879"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4683",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-04644",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "e2d78202-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "7d71e153-463f-11e9-be10-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-72624",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4683",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-603",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens SIMATIC WinCC And PCS7 that can be exploited by remote attackers to gain elevated privileges on affected devices. Siemens SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. There is a security hole in the WebNavigator server used by Siemens SIMATIC WinCC versions prior to 7.3 for PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-72624"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4683",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04644",
"trust": 1.2
},
{
"db": "BID",
"id": "68879",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2D78202-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "C0A709A9-648B-4FBC-869E-37CD7064012B",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D71E153-463F-11E9-BE10-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72624",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"id": "VAR-201407-0603",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
}
],
"trust": 1.9928966825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
}
]
},
"last_update_date": "2023-12-18T12:30:37.614000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC Multiple Products Remote Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4683"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4683"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68879/info"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72624"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68879"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-24T14:55:08.050000",
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72624"
},
{
"date": "2015-03-19T09:40:00",
"db": "BID",
"id": "68879"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"date": "2014-07-25T14:37:19.350000",
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of WebNavigator Vulnerability that can be obtained privilege in the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
}
],
"trust": 0.6
}
}
var-201306-0315
Vulnerability from variot
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. An attacker can exploit the vulnerability to gain access. The vulnerability is due to the fact that the program has hard-coded accounts
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 update 1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "78.x"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3958"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Tlyapov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "60561"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3958",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3958",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-07606",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-63960",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3958",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-07606",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-248",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63960",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "VULHUB",
"id": "VHN-63960"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. An attacker can exploit the vulnerability to gain access. The vulnerability is due to the fact that the program has hard-coded accounts",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "BID",
"id": "60561"
},
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-63960"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3958",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-345843",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "53805",
"trust": 1.2
},
{
"db": "BID",
"id": "60561",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-07606",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-13-169-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983",
"trust": 0.8
},
{
"db": "IVD",
"id": "E69A1CA0-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-63960",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "VULHUB",
"id": "VHN-63960"
},
{
"db": "BID",
"id": "60561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"id": "VAR-201306-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "VULHUB",
"id": "VHN-63960"
}
],
"trust": 1.49052891
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
}
]
},
"last_update_date": "2023-12-18T13:09:31.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345843: Vulnerabilites in WinCC 7.2",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"title": "\\302\\240Siemens SIMATIC WinCC/PCS 7 Hardcoded Credential Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34666"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63960"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3958"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-13-169-02"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3958"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805/"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53805"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "VULHUB",
"id": "VHN-63960"
},
{
"db": "BID",
"id": "60561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"db": "VULHUB",
"id": "VHN-63960"
},
{
"db": "BID",
"id": "60561"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"date": "2013-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-63960"
},
{
"date": "2013-06-14T00:00:00",
"db": "BID",
"id": "60561"
},
{
"date": "2013-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"date": "2013-06-14T19:55:01.250000",
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"date": "2013-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-07606"
},
{
"date": "2013-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-63960"
},
{
"date": "2013-06-19T07:17:00",
"db": "BID",
"id": "60561"
},
{
"date": "2013-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002983"
},
{
"date": "2013-06-17T04:00:00",
"db": "NVD",
"id": "CVE-2013-3958"
},
{
"date": "2013-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC/PCS 7 Hardcoded Credential Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-07606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "e69a1ca0-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-248"
}
],
"trust": 0.8
}
}
var-201202-0162
Vulnerability from variot
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Without the correct data segment length and Unicode string, a stack overflow can be triggered, causing arbitrary code execution. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 3.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008*"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50828"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4875",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "28c3f672-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-52820",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4875",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-090",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52820",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Without the correct data segment length and Unicode string, a stack overflow can be triggered, causing arbitrary code execution. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. \nAttackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52820"
}
],
"trust": 6.3
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52820",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52820"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4875",
"trust": 4.6
},
{
"db": "BID",
"id": "50828",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77380",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5103",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5105",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5107",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-0465",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5110",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5108",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "61050C40-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5E37BFA8-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9FE8F34A-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "28C3F672-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9C31ED38-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9EF7B7BE-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-72366",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-52820",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"id": "VAR-201202-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
}
],
"trust": 5.553665231428572
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.8
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
}
]
},
"last_update_date": "2023-12-18T12:22:07.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 file download vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72694"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 memory access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72697"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72705"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 service crash vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72689"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI String Stack Overflow Vulnerability (CNVD-2012-0465)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9071"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77380"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4875"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4875"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50828"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52820"
},
{
"date": "2011-11-28T00:00:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"date": "2012-02-03T20:55:01.907000",
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52820"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"date": "2017-08-29T01:30:37.130000",
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
],
"trust": 1.8
}
}
var-202407-0957
Vulnerability from variot
WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports.
Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0957",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2024-25229",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2024-25229",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WinCC is a SCADA system suitable for all walks of life. It can access devices from mobile terminals, extract intelligent data, analyze data and make reports.\n\nSiemens (China) Co., Ltd. WinCC has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-25229",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"id": "VAR-202407-0957",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
],
"trust": 1.1531915
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"last_update_date": "2024-07-23T22:45:59.391000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability (CNVD-C-2024-309044)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/554936"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-25229"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens (China) Co., Ltd. WinCC has a denial of service vulnerability (CNVD-C-2024-309044)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-25229"
}
],
"trust": 0.6
}
}
var-201308-0266
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Siemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems. A remote attacker can exploit this vulnerability to hijack user authentication through incorrectly configured SIMATIC HMI panels of WinCC products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201308-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "11"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "12 sp1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "11.0"
},
{
"model": "simatic wincc tia portal",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "12.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "12.0"
}
],
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:11.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4911"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Timur Yunusov and Sergey Bobrov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "61536"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4911",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-4911",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-11280",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ce456e70-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-64913",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4911",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-11280",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-681",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64913",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "VULHUB",
"id": "VHN-64913"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nSiemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems. A remote attacker can exploit this vulnerability to hijack user authentication through incorrectly configured SIMATIC HMI panels of WinCC products",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "BID",
"id": "61536"
},
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-64913"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4911",
"trust": 3.7
},
{
"db": "BID",
"id": "61536",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-064884",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-13-213-02",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "54051",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "54252",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-11280",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626",
"trust": 0.8
},
{
"db": "IVD",
"id": "CE456E70-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "122647",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-64913",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "VULHUB",
"id": "VHN-64913"
},
{
"db": "BID",
"id": "61536"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"id": "VAR-201308-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "VULHUB",
"id": "VHN-64913"
}
],
"trust": 1.4840432433333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
}
]
},
"last_update_date": "2023-12-18T12:38:31.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-064884",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC TIA Portal cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/37986"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64913"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-13-213-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61536"
},
{
"trust": 1.1,
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54051"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54252"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4911"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4911"
},
{
"trust": 0.6,
"url": "http://www.secunia.com/advisories/54051/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4912"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "VULHUB",
"id": "VHN-64913"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "VULHUB",
"id": "VHN-64913"
},
{
"db": "BID",
"id": "61536"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"db": "PACKETSTORM",
"id": "122647"
},
{
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-05T00:00:00",
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2013-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"date": "2013-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-64913"
},
{
"date": "2013-07-31T00:00:00",
"db": "BID",
"id": "61536"
},
{
"date": "2013-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"date": "2013-08-02T03:07:16",
"db": "PACKETSTORM",
"id": "122647"
},
{
"date": "2013-08-01T13:32:26.113000",
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"date": "2013-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-64913"
},
{
"date": "2013-08-01T17:55:00",
"db": "BID",
"id": "61536"
},
{
"date": "2013-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003626"
},
{
"date": "2017-08-29T01:33:41.200000",
"db": "NVD",
"id": "CVE-2013-4911"
},
{
"date": "2013-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC TIA Portal Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "ce456e70-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-11280"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-681"
}
],
"trust": 0.6
}
}
var-201206-0071
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-2595",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-55876",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2595",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2595",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4CEBBDE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"id": "VAR-201206-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
}
],
"trust": 1.5935203766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
}
]
},
"last_update_date": "2023-12-18T12:38:49.189000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/18131"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2595"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2595"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55876"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T18:55:02.173000",
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55876"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"date": "2012-06-12T04:00:00",
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.6
}
}
var-201407-0605
Vulnerability from variot
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A number of Siemens products have local privilege escalation vulnerabilities that allow an attacker to exploit vulnerabilities to escalate permissions on affected computers. Siemens SIMATIC WinCC and PCS 7 are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges on affected computers. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0605",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai\nfrom Positive Technologies",
"sources": [
{
"db": "BID",
"id": "68872"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-4685",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04695",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-72626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4685",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-04695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72626",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A number of Siemens products have local privilege escalation vulnerabilities that allow an attacker to exploit vulnerabilities to escalate permissions on affected computers. Siemens SIMATIC WinCC and PCS 7 are prone to a local privilege-escalation vulnerability. \nAttackers can exploit this issue to gain elevated privileges on affected computers. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "VULHUB",
"id": "VHN-72626"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4685",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04695",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 1.1
},
{
"db": "BID",
"id": "68872",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D76EA61-463F-11E9-A2DA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2D14A5E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "D7EABC36-02A7-4430-8646-7D7359179CE3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72626",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"id": "VAR-201407-0605",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
}
],
"trust": 1.9928966825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
}
]
},
"last_update_date": "2023-12-18T12:30:37.564000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "A patch for Siemens\u0027 local product privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47934"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4685"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4685"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68872/info"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72626"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68872"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-24T14:55:08.143000",
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72626"
},
{
"date": "2015-03-19T09:46:00",
"db": "BID",
"id": "68872"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"date": "2014-07-25T14:49:24.540000",
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68872"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
}
],
"trust": 0.6
}
}
var-201202-0046
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. plural Siemens Product HMI Web The server contains a cross-site scripting vulnerability. This vulnerability is CVE-2011-4510 This is a different vulnerability.By any third party, Web Script or HTML May be inserted. Siemens SIMATIC is an automation software in a single engineering environment. The SIMATIC HMI Smart Options web server has two separate cross-site scripting attacks that allow elevation of privilege, stealing data or corrupting services. SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11 sp2 update 1"
},
{
"model": "simatic wincc flexible",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "2008 sp3"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic hmi smart options",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4511"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Terry McCorkle, Shawn Merdinger, and Luigi Auriemma.",
"sources": [
{
"db": "BID",
"id": "51835"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4511",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4511",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "28629d64-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52456",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4511",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52456",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-4511",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. plural Siemens Product HMI Web The server contains a cross-site scripting vulnerability. This vulnerability is CVE-2011-4510 This is a different vulnerability.By any third party, Web Script or HTML May be inserted. Siemens SIMATIC is an automation software in a single engineering environment. The SIMATIC HMI Smart Options web server has two separate cross-site scripting attacks that allow elevation of privilege, stealing data or corrupting services. SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "VULMON",
"id": "CVE-2011-4511"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4511",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.5
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0461",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19403",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.4
},
{
"db": "BID",
"id": "51835",
"trust": 0.4
},
{
"db": "IVD",
"id": "28629D64-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52456",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-4511",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"id": "VAR-201202-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "VULHUB",
"id": "VHN-52456"
}
],
"trust": 1.5066835200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
}
]
},
"last_update_date": "2023-12-18T12:22:07.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Cross-Site Scripting Vulnerability (CNVD-2012-0461)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9059"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4511"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4511"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19403"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/automation/en/human-machine-interface/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/51835"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-030-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"db": "VULHUB",
"id": "VHN-52456"
},
{
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"db": "BID",
"id": "51835"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28629d64-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52456"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"date": "2012-01-30T00:00:00",
"db": "BID",
"id": "51835"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"date": "2012-02-03T20:55:01.407000",
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0461"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52456"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4511"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51835"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001313"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4511"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Server vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001313"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-086"
}
],
"trust": 0.6
}
}
var-201708-0476
Vulnerability from variot
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information.
The Siemens OPC UA protocol has an XML external entity vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "local discovery server",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "ua .net",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "local discovery server",
"scope": "lt",
"trust": 0.8,
"vendor": "opc",
"version": "1.03.367"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.8,
"vendor": "opc",
"version": "2017-03-21"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc-software",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c=7.1"
},
{
"model": "simatic wincc sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.4"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "local discovery server",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "plant connectivity",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "15.0"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "local discovery server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ua net",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ocpfoundation:ua_.net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017-03-21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ocpfoundation:local_discovery_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.333.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov of Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "100559"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12069",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24363",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102554",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12069",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12069",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102554",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information. \n\nThe Siemens OPC UA protocol has an XML external entity vulnerability. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12069",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-535640",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01",
"trust": 1.6
},
{
"db": "BID",
"id": "100559",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1039510",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019",
"trust": 0.8
},
{
"db": "IVD",
"id": "E3C681F4-90BE-4763-9EA0-9BF8B55433BB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-102554",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"id": "VAR-201708-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
}
],
"trust": 1.4807013
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
]
},
"last_update_date": "2023-12-18T13:24:20.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update for the OPC UA .NET Sample Code",
"trust": 0.8,
"url": "https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf"
},
{
"title": "SSA-535640",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"title": "Patch for Siemens OPC UA Protocol XML External Entity Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/176381"
},
{
"title": "Multiple Siemens product OPC Foundation UA .NET Sample Code and Local Discovery Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74833"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0561e5e7e515f186e8a5589cf02f38a8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"trust": 1.5,
"url": "https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100559"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1039510"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12069"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01b"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12069"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746038"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-243-01-0"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=500633095"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499356993"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-17-243-01-0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2017-08-31T00:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2017-08-30T19:29:00.210000",
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2018-10-12T04:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2017-10-06T01:29:00.443000",
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OPC UA protocol XML External entity vulnerability",
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
}
}
var-201202-0048
Vulnerability from variot
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. plural Siemens The product includes HMI Web An arbitrary code execution vulnerability exists due to a flaw in processing related to the server and runtime loader.Crafted by attackers project An arbitrary code may be executed via the file. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. Social engineering is required to enable administrators to download files and execute them. SIMATIC Wincc Runtime Advanced is prone to a remote security vulnerability. Vulnerabilities exist in several versions of Siemens SIMATIC WinCC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.1,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels tp",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels op",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels mp",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels mobile panels",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels comfort panels",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "BID",
"id": "78355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4513"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78355"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4513",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4513",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52458",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4513",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-088",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52458",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52458"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. plural Siemens The product includes HMI Web An arbitrary code execution vulnerability exists due to a flaw in processing related to the server and runtime loader.Crafted by attackers project An arbitrary code may be executed via the file. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. Social engineering is required to enable administrators to download files and execute them. SIMATIC Wincc Runtime Advanced is prone to a remote security vulnerability. Vulnerabilities exist in several versions of Siemens SIMATIC WinCC",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "BID",
"id": "78355"
},
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52458"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4513",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2012-0463",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315",
"trust": 0.8
},
{
"db": "BID",
"id": "78355",
"trust": 0.4
},
{
"db": "IVD",
"id": "28DD62B0-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52458",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "VULHUB",
"id": "VHN-52458"
},
{
"db": "BID",
"id": "78355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"id": "VAR-201202-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "VULHUB",
"id": "VHN-52458"
}
],
"trust": 1.4902383314285714
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
}
]
},
"last_update_date": "2023-12-18T12:22:07.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Vulnerability (CNVD-2012-0463)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9061"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4513"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4513"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4513"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "VULHUB",
"id": "VHN-52458"
},
{
"db": "BID",
"id": "78355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"db": "VULHUB",
"id": "VHN-52458"
},
{
"db": "BID",
"id": "78355"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28dd62b0-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52458"
},
{
"date": "2012-02-03T00:00:00",
"db": "BID",
"id": "78355"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"date": "2012-02-03T20:55:01.513000",
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0463"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52458"
},
{
"date": "2012-02-03T00:00:00",
"db": "BID",
"id": "78355"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001315"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4513"
},
{
"date": "2012-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerabilities in products that allow arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001315"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-088"
}
],
"trust": 0.6
}
}
var-201903-1631
Vulnerability from variot
Siemens Wincc v7.3 is a process monitoring system. There is a file upload vulnerability in Siemens Wincc v7.3, which can be exploited by an attacker to perform arbitrary programs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1631",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2019-07710",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2019-07710",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Wincc v7.3 is a process monitoring system. There is a file upload vulnerability in Siemens Wincc v7.3, which can be exploited by an attacker to perform arbitrary programs",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07710"
},
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-07710",
"trust": 0.8
},
{
"db": "IVD",
"id": "0FBF5A96-66C5-4026-A901-AFF2E7EF5D0D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"id": "VAR-201903-1631",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
],
"trust": 1.3531914999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"last_update_date": "2022-05-17T02:04:29.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "File upload vulnerability exists in WebNavigator component in Wincc",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156611"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.siemens.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
},
{
"date": "2019-05-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07710"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a file upload vulnerability in Siemens Wincc v7.3",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07710"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "0fbf5a96-66c5-4026-a901-aff2e7ef5d0d"
}
],
"trust": 0.2
}
}
var-202306-0965
Vulnerability from variot
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202306-0965",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.5.2.13"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "7.5.2.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.2.13",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-30897"
}
]
},
"cve": "CVE-2023-30897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2023-48549",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-30897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "productcert@siemens.com",
"id": "CVE-2023-30897",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-48549",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202306-880",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC WinCC (All versions \u003c V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation. \r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "VULMON",
"id": "CVE-2023-30897"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-30897",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-914026",
"trust": 2.3
},
{
"db": "CNVD",
"id": "CNVD-2023-48549",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-30897",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "VULMON",
"id": "CVE-2023-30897"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"id": "VAR-202306-0965",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
}
],
"trust": 1.181947215
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
}
]
},
"last_update_date": "2023-12-18T13:16:38.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SIMATIC WinCC Native Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/433506"
},
{
"title": "Siemens SIMATIC WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=243027"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-30897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-914026.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-30897/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "VULMON",
"id": "CVE-2023-30897"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"db": "VULMON",
"id": "CVE-2023-30897"
},
{
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-30897"
},
{
"date": "2023-06-13T09:15:17.703000",
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"date": "2023-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-06-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-48549"
},
{
"date": "2023-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-30897"
},
{
"date": "2023-06-26T17:41:04.607000",
"db": "NVD",
"id": "CVE-2023-30897"
},
{
"date": "2023-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Native Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-48549"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202306-880"
}
],
"trust": 0.6
}
}
var-201502-0370
Vulnerability from variot
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. Versions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp1"
},
{
"model": "simatic wincc tia portal sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "13.0"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik.",
"sources": [
{
"db": "BID",
"id": "72625"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-1358",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01296",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a11e037c-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1358",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79319",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. \nVersions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79319"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1358",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-543623",
"trust": 2.3
},
{
"db": "BID",
"id": "72625",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-16-161-02",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-526760",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036090",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-01296",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537",
"trust": 0.8
},
{
"db": "IVD",
"id": "6C5F6EE2-C09B-4C78-A362-83203BBFE346",
"trust": 0.2
},
{
"db": "IVD",
"id": "A11E037C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"id": "VAR-201502-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
}
],
"trust": 1.7525570957142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
}
]
},
"last_update_date": "2023-12-18T12:30:37.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-543623",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC TIA Portal Man-in-the-Middle Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55531"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-161-02"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72625"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036090"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1358"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"date": "2015-02-27T00:00:00",
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"date": "2015-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-79319"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72625"
},
{
"date": "2015-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"date": "2015-02-16T17:36:59",
"db": "PACKETSTORM",
"id": "130406"
},
{
"date": "2015-02-18T02:59:07.813000",
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-79319"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "72625"
},
{
"date": "2016-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"date": "2016-11-30T02:59:19.423000",
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC TIA Portal Man-in-the-middle information disclosure vulnerability",
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34F3397-62D2-4D9C-A3DA-1BEE4A2A69FC",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query."
},
{
"lang": "es",
"value": "Siemens WinCC anterior a v7.2, usado en SIMATIC PCS7 anterior a v8.0 SP1 y otros productos, no asigna correctamente los privilegios de la base de datos que contiene las credenciales WebNavigator, lo que permite a usuarios autenticados obtener informaci\u00f3n a trav\u00e9s de consultas SQL."
}
],
"id": "CVE-2013-0676",
"lastModified": "2024-11-21T01:47:59.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T15:55:01.567",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie."
},
{
"lang": "es",
"value": "El servidor web HMI de Siemens WinCC flexible v2004, v2005, v2007 y v2008 antes de SP3, WinCC V11 (tambi\u00e9n conocido como TIA Portal) antes de SP2 Update 1, TP, OP, MP, Comfort Panels, y de los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Advanced Runtime, y WinCC flexible Runtime genera tokens de autenticaci\u00f3n para cookies, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos a la hora de evitar la autenticaci\u00f3n usando una cookie manipulada."
}
],
"id": "CVE-2011-4508",
"lastModified": "2024-11-21T01:32:26.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.250",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34F3397-62D2-4D9C-A3DA-1BEE4A2A69FC",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file."
},
{
"lang": "es",
"value": "El servidor web en Siemens WinCC antes de v7,2, tal como se utiliza en SIMATIC PCS v7 antes de v8,0 SP1 y otros productos, permite a atacantes remotos obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio a trav\u00e9s de un archivo de proyecto elaborado."
}
],
"id": "CVE-2013-0677",
"lastModified": "2024-11-21T01:47:59.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-21T15:55:01.583",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-14 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters."
},
{
"lang": "es",
"value": "El navegador Web de Siemens WinCC antes de v7.2 Update 1, tal y como se utiliza en SIMATIC PCS7 v8.0 SP1 y anteriores y otros productos, muestra un comportamiento diferente para los nombres de usuario de NetBIOS en funci\u00f3n de si existe o no la cuenta de usuario, lo que permite a usuarios remotos autenticados enumerar nombres de cuenta a trav\u00e9s de par\u00e1metros de la URL modificados a mano."
}
],
"id": "CVE-2013-3959",
"lastModified": "2024-11-21T01:54:37.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T19:55:01.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request."
},
{
"lang": "es",
"value": "miniweb.exe del servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007 y 2008 anteriores a SP3; WinCC V11 (portal TIA) anteriores a SP2 Update 1; los TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no manejan apropiadamente URIs que comienzan con un caracter 0xfa, lo que permite a atacantes remotos leer localizaciones de memoria arbitrarias o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una petici\u00f3n POST."
}
],
"id": "CVE-2011-4879",
"lastModified": "2024-11-21T01:33:12.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:02.077",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/77384"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71453"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 14:55
Modified
2024-11-21 01:40
Severity ?
Summary
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Siemens WinCC v7.0 SP3 y anteriores, como se usa en SIMATIC PCS7 y otros productos, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un mensaje SOAP modificado."
}
],
"id": "CVE-2012-3032",
"lastModified": "2024-11-21T01:40:09.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T14:55:01.537",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://en.securitylab.ru/lab/PT-2012-44"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://en.securitylab.ru/lab/PT-2012-44"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."
},
{
"lang": "es",
"value": "Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime permiten a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de proyecto, relacionado con un servidor web y el cargador de tiempo de ejecuci\u00f3n (\"runtime loader\")."
}
],
"id": "CVE-2011-4513",
"lastModified": "2024-11-21T01:32:27.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.513",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-08 18:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"matchCriteriaId": "BA8B4A08-C07D-46C6-BD30-477F54A02C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en Siemens WinCC v7.0 SP3 anteriores a Update 2, permite a atacantes remotos leer ficheros locales mediante un par\u00e1metro manipulado en una URL."
}
],
"id": "CVE-2012-2597",
"lastModified": "2024-11-21T01:39:17.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-08T18:55:02.267",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query."
},
{
"lang": "es",
"value": "Siemens WinCC antes de v7,2, tal como se utiliza en SIMATIC PCS 7 antes de v8,0 SP1 y otros productos, no representa correctamente las credenciales WebNavigator en una base de datos, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios remotos autenticados para obtener informaci\u00f3n sensible a trav\u00e9s de una consulta SQL."
}
],
"id": "CVE-2013-0678",
"lastModified": "2024-11-21T01:47:59.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T15:55:01.600",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 14:55
Modified
2024-11-21 01:40
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Web Navigator en Siemens WinCC v7.0 SP3 y versiones anteriores, tal y como se usan en SIMATIC PCS v7 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro (1) GET, (2) POST, o (3) una cabecera HTTP Referer.\r\n"
}
],
"id": "CVE-2012-3031",
"lastModified": "2024-11-21T01:40:09.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-18T14:55:01.490",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-30 19:29
Modified
2024-11-21 03:08
Severity ?
Summary
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | wincc | * | |
| ocpfoundation | local_discovery_server | * | |
| ocpfoundation | ua_.net | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6D19542-FDC9-4CBC-A75A-370DE4B4C929",
"versionEndIncluding": "8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C4AD3A6-D8F1-4DE0-9B08-25F95753F666",
"versionEndIncluding": "7.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ocpfoundation:local_discovery_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A47D3C-FE15-48DC-9A2B-C2F4A1B74AD6",
"versionEndIncluding": "1.01.333.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ocpfoundation:ua_.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE0DC426-A197-41CF-A2D3-C2A959736F80",
"versionEndIncluding": "2017-03-21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad XXE en OPC Foundation UA .NET Sample Code antes del 21-03-2017 y Local Discovery Server (LDS) antes de la versi\u00f3n 1.03.367. Los siguientes productos se han visto afectados por esta vulnerabilidad, entre otros: Siemens SIMATIC PCS7 (todas las versiones V8.1 y anteriores), SIMATIC WinCC (todas las versiones anteriores a V7.4 SP1), SIMATIC WinCC Runtime Professional (todas las versiones anteriores a V14 SP1), SIMATIC NET PC Software y SIMATIC IT Production Suite. Un atacante podr\u00eda hacer que el sistema acceda a varios recursos escogidos por el atacante mediante el env\u00edo de paquetes especialmente manipulados a OPC Discovery Server en el puerto 4840/tcp."
}
],
"id": "CVE-2017-12069",
"lastModified": "2024-11-21T03:08:46.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-30T19:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100559"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1039510"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1039510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-01 13:32
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8575F81-50D2-4879-AA97-232257913BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8730C7C7-D7C7-4094-99AB-6FD06D7AAB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9B98FB4-A080-41DC-8B1C-DA703C8975E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30A9D051-1796-4736-97F7-3F07917E9873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
},
{
"lang": "es",
"value": "Vulnerabilidad CSRF en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas sin especificar aprovechando una configuraci\u00f3n incorrecta de los paneles SIMATIC HMI del producto WinCC."
}
],
"id": "CVE-2013-4911",
"lastModified": "2024-11-21T01:56:40.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-01T13:32:26.113",
"references": [
{
"source": "cve@mitre.org",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54051"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54252"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61536"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34F3397-62D2-4D9C-A3DA-1BEE4A2A69FC",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX RegReader en Siemens WinCC antes de v7,2, tal como se utiliza en SIMATIC PCS v7 antes de v8,0 SP1 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro largo."
}
],
"id": "CVE-2013-0674",
"lastModified": "2024-11-21T01:47:59.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T15:55:01.533",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-08 18:55
Modified
2024-11-21 01:39
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"matchCriteriaId": "BA8B4A08-C07D-46C6-BD30-477F54A02C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Siemens WinCC v7.0 SP3 anteriores a Update 2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores que implicar caracteres especiales en par\u00e1metros."
}
],
"id": "CVE-2012-2595",
"lastModified": "2024-11-21T01:39:17.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-08T18:55:02.173",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-08 18:55
Modified
2024-11-21 01:39
Severity ?
Summary
The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"matchCriteriaId": "BA8B4A08-C07D-46C6-BD30-477F54A02C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack."
},
{
"lang": "es",
"value": "La funcionalidad XPAth en aplicaciones web no especificados en Siemens WinCC v7.0 SP3 anteriores a Update 2 no gestiona de forma adecuada los caracteres especiales en par\u00e1metros, lo que permite a usuarios remotos autenticados, leer y modificar par\u00e1metros mediante una URL modificada, relacionado con un ataque \"XML Injection\"."
}
],
"id": "CVE-2012-2596",
"lastModified": "2024-11-21T01:39:17.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-08T18:55:02.220",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-14 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de inicio de sesi\u00f3n en Web Navigator en Siemens WinCC anterior 7.2 Update 1, utilizado en SIMATIC PCS7 8.0 SP1 y anteriores y otros productos, tienen una cuenta embebida en el c\u00f3digo (hardcoded), lo que facilita a atacantes remotos obtener acceso a trav\u00e9s de una petici\u00f3n no especificada."
}
],
"id": "CVE-2013-3958",
"lastModified": "2024-11-21T01:54:37.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T19:55:01.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 14:55
Modified
2024-11-21 01:40
Severity ?
Summary
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request."
},
{
"lang": "es",
"value": "WebNavigator en Siemens WinCC v7.0 SP3 y anteriores, como las usadas en SIMATIC PCS7 y otros productos, almacena informaci\u00f3n sensible bajo l directorio web raiz con un control de acceso no suficiente, lo que permite a atacantes remotos a leer (1) ficheros de registro o (2) ficheros de configuraci\u00f3n a trav\u00e9s de una petici\u00f3n directa."
}
],
"id": "CVE-2012-3030",
"lastModified": "2024-11-21T01:40:08.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T14:55:01.443",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://en.securitylab.ru/lab/PT-2012-43"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://en.securitylab.ru/lab/PT-2012-43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-08 16:59
Modified
2024-11-21 02:28
Severity ?
Summary
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.2 | |
| siemens | wincc | 7.3 | |
| siemens | wincc | * | |
| siemens | wincc | * | |
| siemens | simatic_hmi_basic_panels_generation_1 | * | |
| siemens | simatic_hmi_basic_panels_generation_2 | * | |
| siemens | simatic_hmi_comfort_panels | * | |
| siemens | simatic_hmi_mobile_panel_277 | * | |
| siemens | simatic_hmi_multi_panels | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3788F5-FBE9-4BA8-910B-B3B216C544E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22136E0-9DEE-4F5A-BD5C-D0AE9E30A086",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76613CE7-E3DB-4E11-8F87-5DB5A67CB6E3",
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"matchCriteriaId": "6C5C15E0-ADB8-4DAE-8D7C-B606FC544CE5",
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF50B5E3-9457-4BE2-A83B-A5936B1C453C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADB8F11-4C36-41BA-BBF5-0F1F60F6FC4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B2BFDE-5FB0-481F-98ED-8C30FBC8F565",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F4698AC-4347-4047-B976-9F3F822E7B7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD775BB6-1801-4CD9-9F18-250287BA006E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password."
},
{
"lang": "es",
"value": "Siemens SIMATIC HMI Basic Panels 2nd Generation anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional anterior a WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), y SIMATIC WinCC 7.x anterior a 7.3 Upd4 permiten a atacantes remotos completar la autenticaci\u00f3n mediante el aprovechamiento de conocimiento de un hash de contrase\u00f1as sin conocer la contrase\u00f1a asociada."
}
],
"id": "CVE-2015-2823",
"lastModified": "2024-11-21T02:28:09.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-08T16:59:01.270",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74040"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-08 18:55
Modified
2024-11-21 01:40
Severity ?
Summary
Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"matchCriteriaId": "BA8B4A08-C07D-46C6-BD30-477F54A02C98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en un aplicaci\u00f3n Web no especificada en Siemens WinCC v7.0 SP3 anterior a Update 2 permite a atacantes remotos redireccionar usuarios a otras webs y conducir ataques de phising a trav\u00e9s de una URL en una petici\u00f3n GET"
}
],
"id": "CVE-2012-3003",
"lastModified": "2024-11-21T01:40:06.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-08T18:55:02.347",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | simatic_pcs7 | 7.1 | |
| siemens | simatic_pcs7 | 8.0 | |
| siemens | wincc | * | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request."
},
{
"lang": "es",
"value": "El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de una solicitud (1) HTTP o (2) HTTPS."
}
],
"id": "CVE-2014-4683",
"lastModified": "2024-11-21T02:10:41.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:08.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | simatic_pcs7 | 7.1 | |
| siemens | simatic_pcs7 | 8.0 | |
| siemens | wincc | * | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request."
},
{
"lang": "es",
"value": "El servidor WebNavigator en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud HTTP."
}
],
"id": "CVE-2014-4682",
"lastModified": "2024-11-21T02:10:41.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:08.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34F3397-62D2-4D9C-A3DA-1BEE4A2A69FC",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el servidor web en Siemens WinCC anterior a v7.2, como se usa en SIMATIC PCS7 anterior a v8.0 SP1 y otros productos, permite a usuarios remotamente autenticados leer ficheros a trav\u00e9s de vectores que implican una consulta al pathname."
}
],
"id": "CVE-2013-0679",
"lastModified": "2024-11-21T01:47:59.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T15:55:01.613",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008 antes de SP3, WinCC V11 (tambi\u00e9n conocido como TIA Portal) antes de SP2 Update 1, el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC flexible Runtime, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4511."
}
],
"id": "CVE-2011-4510",
"lastModified": "2024-11-21T01:32:27.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-03T20:55:01.343",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | simatic_pcs7 | 7.1 | |
| siemens | simatic_pcs7 | 8.0 | |
| siemens | wincc | * | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433."
},
{
"lang": "es",
"value": "El servidor de la base de datos en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a usuarios remotos autenticados ganar privilegios a trav\u00e9s de una solicitud en el puerto TCP 1433."
}
],
"id": "CVE-2014-4684",
"lastModified": "2024-11-21T02:10:41.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:08.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-18 02:59
Modified
2024-11-21 02:25
Severity ?
Summary
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70794E93-2FF5-4585-BC14-D2BB1357F361",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack."
},
{
"lang": "es",
"value": "El m\u00f3dulo de administraci\u00f3n remota en la funcionalidad (1) Multi Panels (2) Comfort Panels y (3) RT Advanced en Siemens SIMATIC WinCC (TIA Portal) en versiones anteriores a 13 SP1 y en la funcionalidad (4) panels y (5) runtime en SIMATIC WinCC flexible en versiones anteriores a 2008 SP3 Up7 no cifra correctamente las credenciales en tr\u00e1nsito, lo que hace que sea m\u00e1s f\u00e1cil a atacantes remotos determinar las credenciales en texto plano rastreando la red y llevando a cabo un ataque de descifrado."
}
],
"id": "CVE-2015-1358",
"lastModified": "2024-11-21T02:25:14.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-18T02:59:07.813",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72625"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036090"
},
{
"source": "cve@mitre.org",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session."
},
{
"lang": "es",
"value": "El demonio TELNET de Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no realiza autenticaci\u00f3n, lo que facilita a atacantes remotos obtener acceso obtener acceso a trav\u00e9s de una sesi\u00f3n TCP."
}
],
"id": "CVE-2011-4514",
"lastModified": "2024-11-21T01:32:27.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.577",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 14:55
Modified
2024-11-21 01:40
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en WebNavigator en Siemens WinCC v7.0 SP3 y versiones anteriores, tal como se utiliza en SIMATIC PCS v7 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio o secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para las peticiones que modifican datos."
}
],
"id": "CVE-2012-3028",
"lastModified": "2024-11-21T01:40:08.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-18T14:55:01.397",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-01 13:32
Modified
2024-11-21 01:56
Severity ?
Summary
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8575F81-50D2-4879-AA97-232257913BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "8730C7C7-D7C7-4094-99AB-6FD06D7AAB90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:11.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "F9B98FB4-A080-41DC-8B1C-DA703C8975E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30A9D051-1796-4736-97F7-3F07917E9873",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n en Siemens WinCC (TIA Portal) 11 y 12 anterior a 12 SP1, permite a atacantes remotos redireccionar a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing aprovechando una configuraci\u00f3n inapropiada del panel SIMANTIC HMI del producto WinCC."
}
],
"id": "CVE-2013-4912",
"lastModified": "2024-11-21T01:56:40.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-01T13:32:26.127",
"references": [
{
"source": "cve@mitre.org",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54051"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/54252"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/61535"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings."
},
{
"lang": "es",
"value": "Desbordamiento de buffer de pila en HmiLoad del cargador de tiempo de ejecuci\u00f3n de Siemens WinCC flexible 2004, 2005, 2007, y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, cuando el modo de transferencia (\"Transfer Mode\") est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores relacionados con cadenas de texto Unicode."
}
],
"id": "CVE-2011-4875",
"lastModified": "2024-11-21T01:33:10.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.907",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/77380"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-13 09:15
Modified
2024-11-21 08:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AEA3E3F-6C11-4707-83CC-9A198564B222",
"versionEndExcluding": "7.5.2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC (All versions \u003c V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path was chosen during installation.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"id": "CVE-2023-30897",
"lastModified": "2024-11-21T08:01:01.513",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-13T09:15:17.703",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-914026.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
},
{
"lang": "es",
"value": "El servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008; WinCC V11 (tambi\u00e9n conocido como TIA Portal), el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC Runtime, tiene una contrase\u00f1a por defecto mal seleccionado para la cuenta de administrador, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso usando fuerza bruta mediante el uso de gran cantidad de peticiones HTTP."
}
],
"id": "CVE-2011-4509",
"lastModified": "2024-11-21T01:32:26.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.297",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n CRLF en el servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007 y 2008 anteriores a SP3; WinCC V11 (TIA portal) anteriores a SP2 Update 1; TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime permite a atacantes remotos inyectar cabeceras HTTP arbitrarios y realizar ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2011-4512",
"lastModified": "2024-11-21T01:32:27.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.453",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP."
},
{
"lang": "es",
"value": "HmiLoad del cargador en tiempo de ejecuci\u00f3n (\"runtime loader\") de Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime, cuando el modo de transferencia (\"Transfer Mode\") est\u00e1 habilitado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) enviando datos modificados sobre TCP."
}
],
"id": "CVE-2011-4877",
"lastModified": "2024-11-21T01:33:11.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.983",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/77382"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77382"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71451"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en miniweb.exe de servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007, y 2008 anteriores a SP3; WinCC V11 (TIA portal) anteriores a SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de los caracteres ..%5c (punto punto barra invertida) en una URI."
}
],
"id": "CVE-2011-4878",
"lastModified": "2024-11-21T01:33:11.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:02.030",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/77383"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | simatic_pcs7 | 7.1 | |
| siemens | simatic_pcs7 | 8.0 | |
| siemens | wincc | * | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control."
},
{
"lang": "es",
"value": "Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, permite a usuarios locales ganar privilegios mediante el aprovechamiento de controles d\u00e9biles del acceso a objetos de sistema."
}
],
"id": "CVE-2014-4685",
"lastModified": "2024-11-21T02:10:42.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:08.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-08 16:59
Modified
2024-11-21 02:28
Severity ?
Summary
Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "76613CE7-E3DB-4E11-8F87-5DB5A67CB6E3",
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"matchCriteriaId": "6C5C15E0-ADB8-4DAE-8D7C-B606FC544CE5",
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102."
},
{
"lang": "es",
"value": "Siemens SIMATIC HMI Comfort Panels anterior a WinCC (TIA Portal) 13 SP1 Upd2 y SIMATIC WinCC Runtime Advanced anterior a WinCC (TIA Portal) 13 SP1 Upd2 permiten a atacantes man-in-the-middle causar una denegaci\u00f3n de servicio a trav\u00e9s de paquetes manipulados en el puerto TCP 102."
}
],
"id": "CVE-2015-2822",
"lastModified": "2024-11-21T02:28:09.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-08T16:59:00.067",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74028"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:33
Severity ?
Summary
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en HmiLoad del cargador de tiempo de ejecuci\u00f3n (\"runtime loader\") de Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, si el modo de transferencia (\"Transfer Mode\") est\u00e1 habilitado, permite a atacantes remotos ejecutar, leer, crear, modificar o borrar archivos arbitrarios a trav\u00e9s de los caracteres .. (punto punto) en una cadena."
}
],
"id": "CVE-2011-4876",
"lastModified": "2024-11-21T01:33:10.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-03T20:55:01.937",
"references": [
{
"source": "cret@cert.org",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/46997"
},
{
"source": "cret@cert.org",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/77381"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "cret@cert.org",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71450"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-08 18:55
Modified
2024-11-21 01:39
Severity ?
Summary
Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_1:*:*:*:*:*",
"matchCriteriaId": "BA8B4A08-C07D-46C6-BD30-477F54A02C98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:update_2:*:*:*:*:*",
"matchCriteriaId": "02711FB5-B13E-4F7F-AD5A-47FEF0A996A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servidor Web DiagAgent en Siemens WinCC 7.0 SP3 hasta la actualizaci\u00f3n Update 2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corte del agente) a trav\u00e9s de una entrada manipulada."
}
],
"id": "CVE-2012-2598",
"lastModified": "2024-11-21T01:39:17.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-08T18:55:02.317",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-06-14 19:55
Modified
2024-11-21 01:54
Severity ?
Summary
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en la pantalla de login en el Web Navigator en Siemens WinCC anterior a 7.2 Update 1, utilizado en SIMATIC PCS7 8.0 SP1 y anteriores y sobre otros productos, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2013-3957",
"lastModified": "2024-11-21T01:54:37.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-06-14T19:55:01.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-24 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | simatic_pcs7 | * | |
| siemens | simatic_pcs7 | 7.1 | |
| siemens | simatic_pcs7 | 8.0 | |
| siemens | wincc | * | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 5.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 6.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.0 | |
| siemens | wincc | 7.1 | |
| siemens | wincc | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0165209F-7378-4C05-9373-ECA6EA57697D",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74484B5D-121B-4838-9072-019532E78A03",
"versionEndIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B16BB99-49E0-443E-BEE0-C7694D2C54E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "A4115260-50FC-40C9-81CF-4D9F97394627",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de administraci\u00f3n del proyecto en Siemens SIMATIC WinCC anterior a 7.3, utilizado en PCS7 y otros productos, tiene una clave de codificaci\u00f3n embebida, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la extracci\u00f3n de esta clave de otra instalaci\u00f3n del producto y la posterior utilizaci\u00f3n de esta clave durante la captura de trafico de la red en puerto TCP 1030."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/798.html\" target=\"_blank\"\u003eCWE-798: CWE-798: Use of Hard-coded Credentials\u003c/a\u003e",
"id": "CVE-2014-4686",
"lastModified": "2024-11-21T02:10:42.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-24T14:55:08.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-21 15:55
Modified
2024-11-21 01:47
Severity ?
Summary
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EFF12A0-B105-4225-B818-F858C75047B0",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:7.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "33FA164B-E269-4140-AC85-2623356AF636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B34F3397-62D2-4D9C-A3DA-1BEE4A2A69FC",
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "111D0F4D-2B67-46E8-BF8D-5D30EFE561EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en CCEServer (tambi\u00e9n conocido como el componente central de comunicaciones) en Siemens WinCC antes de v7,2, tal como se utiliza en SIMATIC PCS v7 antes de v8,0 SP1 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un paquete dise\u00f1ado."
}
],
"id": "CVE-2013-0675",
"lastModified": "2024-11-21T01:47:59.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-21T15:55:01.553",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-03 20:55
Modified
2024-11-21 01:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | wincc_flexible | 2004 | |
| siemens | wincc_flexible | 2005 | |
| siemens | wincc_flexible | 2007 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc_flexible | 2008 | |
| siemens | wincc | * | |
| siemens | wincc | v11 | |
| siemens | wincc | v11 | |
| siemens | simatic_hmi_panels | comfort_panels | |
| siemens | simatic_hmi_panels | mobile_panels | |
| siemens | simatic_hmi_panels | mp | |
| siemens | simatic_hmi_panels | op | |
| siemens | simatic_hmi_panels | tp | |
| siemens | wincc_runtime_advanced | v11 | |
| siemens | wincc_flexible_runtime | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"matchCriteriaId": "1A4B1323-9AF3-424F-925A-A62F35E575E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E454C72B-7804-402B-9C6A-687BF2C45D39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "9FE44373-06BD-4AA0-8778-06F2A150510C",
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F53FDA20-FE97-4BA3-9165-F0BD7A25FA5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008 antes de SP3, WinCC V11 (tambi\u00e9n conocido como TIA Portal) antes de SP2 Update 1, el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC flexible Runtime. Esta vulnerabilidad permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4510."
}
],
"id": "CVE-2011-4511",
"lastModified": "2024-11-21T01:32:27.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-03T20:55:01.407",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-18 14:55
Modified
2024-11-21 01:40
Severity ?
Summary
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B894F4-9635-4436-BC0A-E43280426017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "5AC094B0-B1BE-436D-A8D3-2008D0CDE070",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CB277F-7ECB-4F44-8BB5-A3D350486EE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "616535F1-F609-408B-AE48-61ACF48748A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F322FCB-32F4-4C5A-A7F5-F7EF41188C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "69822DB4-DC79-4F88-A470-5AC512C77377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "996DE8BD-DD51-41EF-9882-C2BD2CC5FE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "945C8B46-4CDA-4143-889C-30E30E93DB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33F9015-7058-419A-8762-CB2AE4ACF1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "E6271FCC-CCF6-4D31-801A-B4B0DC4639DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:wincc:7.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "DF7A6B2B-D573-4285-B3B4-136F2BE7E710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls."
},
{
"lang": "es",
"value": "WebNavigator en Siemens WinCC v7.0 SP3 y anteriores, como se usa en SIMATIC PCS7 y otros productos, permite a atacantes remotos descubrir un nombre de usuario y contrase\u00f1a a trav\u00e9s de par\u00e1metros modificados en m\u00e9todos no especificados de controles ActiveX"
}
],
"id": "CVE-2012-3034",
"lastModified": "2024-11-21T01:40:09.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-18T14:55:01.583",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}