CNVD-2020-23038
Vulnerability from cnvd - Published: 2020-04-16
Title
Input validation error vulnerability in multiple Siemens products (CNVD-2020-23038)
Description
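Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system.
An input validation error vulnerability exists in multiple Siemens products. An attacker can exploit it with a specially crafted message to cause a denial of service.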
Severity
High
Patch Name
Patch for the input validation error vulnerability in multiple Siemens products (CNVD-2020-23038)
Patch Description
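Siemens SIMATIC PCS 7 and SIMATIC WinCC are both products of Siemens, a German company. SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated supervisory control and data acquisition (SCADA) system.
An input validation error vulnerability exists in multiple Siemens products. An attacker can exploit it with a specially crafted message to cause a denial of service. The vendor has now released a security advisory and related patch information that fix this vulnerability.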
Formal description
The vendor has released a fix for the vulnerability; please follow the update: https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf
Reference
https://www.us-cert.gov/ics/advisories/icsa-20-042-06
Impacted products
| Name |
|---|
| SIEMENS SIMATIC NET PC-Software |
| Siemens OpenPCS 7 V8.1 |
| Siemens OpenPCS 7 V8.2 |
| Siemens SIMATIC BATCH V8.1 |
| Siemens SIMATIC BATCH V8.2 |
| Siemens SIMATIC Route Control V8.1 |
| Siemens SIMATIC Route Control V8.2 |
| SIEMENS SIMATIC WinCC V7.3 |
| SIEMENS SIMATIC WinCC V7.4 |
| SIEMENS Siemens SIMATIC PCS 7 V8.1 |
| SIEMENS Siemens SIMATIC PCS 7 V8.2 |
| SIEMENS Siemens SIMATIC PCS 7 V9.0 |
| Siemens OpenPCS 7 V9.0 |
| Siemens SIMATIC BATCH V9.0 |
| Siemens SIMATIC Route Control V9.0 |
| SIEMENS SIMATIC WinCC(TIA Portal) 14.0.1 |
| SIEMENS SIMATIC WinCC(TIA Portal) 15.1 |
| SIEMENS SIMATIC WinCC(TIA Portal) 16 |
| Siemens SIMATIC WinCC <7.5.1 Upd1 |
| SIEMENS SIMATIC WinCC(TIA Portal) <13 SP2 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-19282"
}
},
"description": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-23038",
"openTime": "2020-04-16",
"patchDescription": "Siemens SIMATIC PCS 7\u548cSIMATIC WinCC\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SIMATIC PCS 7\u662f\u4e00\u5957\u8fc7\u7a0b\u63a7\u5236\u7cfb\u7edf\u3002SIMATIC WinCC\u662f\u4e00\u5957\u81ea\u52a8\u5316\u7684\u6570\u636e\u91c7\u96c6\u4e0e\u76d1\u63a7\uff08SCADA\uff09\u7cfb\u7edf\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"SIEMENS SIMATIC NET PC-Software",
"Siemens OpenPCS 7 V8.1",
"Siemens OpenPCS 7 V8.2",
"Siemens SIMATIC BATCH V8.1",
"Siemens SIMATIC BATCH V8.2",
"Siemens SIMATIC Route Control V8.1",
"Siemens SIMATIC Route Control V8.2",
"SIEMENS SIMATIC WinCC V7.3",
"SIEMENS SIMATIC WinCC V7.4",
"SIEMENS Siemens SIMATIC PCS 7 V8.1",
"SIEMENS Siemens SIMATIC PCS 7 V8.2",
"SIEMENS Siemens SIMATIC PCS 7 V9.0",
"Siemens OpenPCS 7 V9.0",
"Siemens SIMATIC BATCH V9.0",
"Siemens SIMATIC Route Control V9.0",
"SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 14.0.1",
"SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 15.1",
"SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 16",
"Siemens SIMATIC WinCC \u003c7.5.1 Upd1",
"SIEMENS SIMATIC WinCC\uff08TIA Portal\uff09 \u003c13 SP2"
]
},
"referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06",
"serverity": "\u9ad8",
"submitTime": "2020-02-12",
"title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23038\uff09"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.