CNVD-2018-25912
Vulnerability from cnvd - Published: 2018-12-20
Title
Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing authorization issue vulnerability
Description
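Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing are all products of Siemens (Germany). Siemens SIMATIC IT LMS is a line monitoring system for overall equipment effectiveness (OEE). SIMATIC IT Production Suite is a plant production management suite. SIMATIC IT UA Discrete Manufacturing is a solution that provides structured services for the manufacturing industry.
An authorization issue vulnerability exists in Siemens SIMATIC IT LMS, in SIMATIC IT Production Suite 7.1 versions before 7.1 Upd3, and in SIMATIC IT UA Discrete Manufacturing versions before 2.4. An attacker can exploit this vulnerability to bypass the application's authentication checks, affecting the confidentiality, integrity and availability of the system.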
Severity
High
Patch Name
Patch for the Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing authorization issue vulnerability
Patch Description
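Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing are all products of Siemens (Germany). Siemens SIMATIC IT LMS is a line monitoring system for overall equipment effectiveness (OEE). SIMATIC IT Production Suite is a plant production management suite. SIMATIC IT UA Discrete Manufacturing is a solution that provides structured services for the manufacturing industry.
An authorization issue vulnerability exists in Siemens SIMATIC IT LMS, in SIMATIC IT Production Suite 7.1 versions before 7.1 Upd3, and in SIMATIC IT UA Discrete Manufacturing versions before 2.4. An attacker can exploit this vulnerability to bypass the application's authentication checks, affecting the confidentiality, integrity and availability of the system. The vendor has now released a security advisory and related patch information that fix this vulnerability.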
Formal description
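At present the vendor has released upgrade patches only for SIMATIC IT Production Suite and other products to fix the vulnerability; the upgrade patch for SIMATIC IT LMS has not yet been released. For details, see: https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf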
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07
Impacted products
| Name |
|---|
| Siemens SIMATIC IT LMS ALL |
| Siemens SIMATIC IT UA Discrete Manufacturing <2.4 |
| Siemens SIMATIC IT Production Suite 7.1.*,<7.1 Upd3 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-13804"
}
},
"description": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002SIMATIC IT UA Discrete Manufacturing\u662f\u4e00\u5957\u4e3a\u5236\u9020\u4e1a\u63d0\u4f9b\u7ed3\u6784\u5316\u670d\u52a1\u7684\u89e3\u51b3\u65b9\u6848\u3002\n\nSiemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite 7.1 Upd3\u4e4b\u524d\u76847.1\u7248\u672c\u548cSIMATIC IT UA Discrete Manufacturing 2.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u68c0\u6d4b\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
"discovererName": "Siemens",
"formalWay": "\u76ee\u524d\u5382\u5546\u53ea\u53d1\u5e03\u4e86SIMATIC IT Production Suite\u7b49\u4ea7\u54c1\u7684\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u4ea7\u54c1SIMATIC IT LMS\u7684\u5347\u7ea7\u8865\u4e01\u6682\u672a\u53d1\u5e03\uff0c\u8be6\u60c5\u8bf7\u53c2\u8003\u94fe\u63a5\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-25912",
"openTime": "2018-12-20",
"patchDescription": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Siemens SIMATIC IT LMS\u662f\u4e00\u5957\u603b\u4f53\u8bbe\u5907\u6548\u80fd\uff08OEE\uff09\u7684\u7ebf\u8def\u76d1\u63a7\u7cfb\u7edf\u3002SIMATIC IT Production Suite\u662f\u4e00\u5957\u5de5\u5382\u751f\u4ea7\u7ba1\u7406\u5957\u4ef6\u3002SIMATIC IT UA Discrete Manufacturing\u662f\u4e00\u5957\u4e3a\u5236\u9020\u4e1a\u63d0\u4f9b\u7ed3\u6784\u5316\u670d\u52a1\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nSiemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite 7.1 Upd3\u4e4b\u524d\u76847.1\u7248\u672c\u548cSIMATIC IT UA Discrete Manufacturing 2.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u68c0\u6d4b\uff0c\u5f71\u54cd\u7cfb\u7edf\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC IT LMS ALL",
"Siemens SIMATIC IT UA Discrete Manufacturing \u003c2.4",
"Siemens SIMATIC IT Production Suite 7.1.*\uff0c\u003c7.1 Upd3"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-07",
"serverity": "\u9ad8",
"submitTime": "2018-11-16",
"title": "Siemens SIMATIC IT LMS\u3001SIMATIC IT Production Suite\u548cSIMATIC IT UA Discrete Manufacturing\u6388\u6743\u95ee\u9898\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.