CNVD-2024-38013
Vulnerability from cnvd - Published: 2024-09-13
Title
Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability
Description
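SIMATIC Information Server is used for reporting and visualization of the process data stored in SIMATIC Process Historian. SIMATIC Process Historian is the long-term archive system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS-neo. It stores process values, alarms and batch data of production plants in its database and provides historical process data to reporting and visualization applications. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route Control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform used for operator control and monitoring of machines and plants.
A remote code execution vulnerability exists in Siemens SIMATIC SCADA and PCS 7 systems. The vulnerability arises because the affected products run their database server with elevated privileges; an attacker can exploit it to execute arbitrary operating system commands with administrative privileges.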
Severity
High
Patch Name
Patch for the Siemens SIMATIC SCADA and PCS 7 systems remote code execution vulnerability
Patch Description
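SIMATIC Information Server is used for reporting and visualization of the process data stored in SIMATIC Process Historian. SIMATIC Process Historian is the long-term archive system for SIMATIC PCS 7, SIMATIC WinCC and SIMATIC PCS-neo. It stores process values, alarms and batch data of production plants in its database and provides historical process data to reporting and visualization applications. SIMATIC PCS 7 is a distributed control system (DCS) that integrates SIMATIC WinCC, SIMATIC Batch, SIMATIC Route Control, OpenPCS 7 and other components. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform used for operator control and monitoring of machines and plants.
A remote code execution vulnerability exists in Siemens SIMATIC SCADA and PCS 7 systems. The vulnerability arises because the affected products run their database server with elevated privileges; an attacker can exploit it to execute arbitrary operating system commands with administrative privileges. The vendor has published a security advisory and related patch information that fixes this vulnerability.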
Formal description
Users can refer to the following vendor security advisory for patch information: https://cert-portal.siemens.com/productcert/html/ssa-629254.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-629254.html
Impacted products
| Name |
|---|
| Siemens SIMATIC Process Historian 2020 null |
| Siemens SIMATIC PCS 7 V9.1 |
| Siemens SIMATIC WinCC Runtime Professional V18 |
| Siemens SIMATIC WinCC Runtime Professional V19 |
| Siemens SIMATIC WinCC V7.4 |
| Siemens SIMATIC BATCH V9.1 |
| Siemens SIMATIC WinCC V8.0 < V8.0 Update 5 |
| Siemens SIMATIC Information Server |
| Siemens SIMATIC Process Historian 2022 |
| Siemens SIMATIC WinCC V7.5 < V7.5 SP2 Update 18 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-35783"
}
},
"description": "SIMATIC Information Server\u7528\u4e8e\u62a5\u544a\u548c\u53ef\u89c6\u5316\u5b58\u50a8\u5728SIMATIC process Historian\u4e2d\u7684\u8fc7\u7a0b\u6570\u636e\u3002SIMATIC Process Historian\u662fSIMATIC PCS 7\u3001SIMATIC WinCC\u548cSIMATIC PCS-neo\u7684\u957f\u671f\u5f52\u6863\u7cfb\u7edf\u3002\u5b83\u5c06\u751f\u4ea7\u5de5\u5382\u7684\u8fc7\u7a0b\u503c\u3001\u8b66\u62a5\u548c\u6279\u6570\u636e\u5b58\u50a8\u5728\u5176\u6570\u636e\u5e93\u4e2d\uff0c\u5e76\u4e3a\u62a5\u544a\u548c\u53ef\u89c6\u5316\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5386\u53f2\u8fc7\u7a0b\u6570\u636e\u3002SIMATIC PCS 7\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\uff0c\u96c6\u6210\u4e86SIMATIC WinCC\u3001SIMATIC Batch\u3001SIMATIC\u8def\u7531\u63a7\u5236\u3001OpenPCS 7\u548c\u5176\u4ed6\u7ec4\u4ef6\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u5de5\u5382\u3002\n\nSiemens SIMATIC SCADA\u548cPCS 7 systems\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u4ee5\u63d0\u5347\u7684\u6743\u9650\u8fd0\u884c\u5176\u6570\u636e\u5e93\u670d\u52a1\u5668\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-629254.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-38013",
"openTime": "2024-09-13",
"patchDescription": "SIMATIC Information Server\u7528\u4e8e\u62a5\u544a\u548c\u53ef\u89c6\u5316\u5b58\u50a8\u5728SIMATIC process Historian\u4e2d\u7684\u8fc7\u7a0b\u6570\u636e\u3002SIMATIC Process Historian\u662fSIMATIC PCS 7\u3001SIMATIC WinCC\u548cSIMATIC PCS-neo\u7684\u957f\u671f\u5f52\u6863\u7cfb\u7edf\u3002\u5b83\u5c06\u751f\u4ea7\u5de5\u5382\u7684\u8fc7\u7a0b\u503c\u3001\u8b66\u62a5\u548c\u6279\u6570\u636e\u5b58\u50a8\u5728\u5176\u6570\u636e\u5e93\u4e2d\uff0c\u5e76\u4e3a\u62a5\u544a\u548c\u53ef\u89c6\u5316\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5386\u53f2\u8fc7\u7a0b\u6570\u636e\u3002SIMATIC PCS 7\u662f\u4e00\u4e2a\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff08DCS\uff09\uff0c\u96c6\u6210\u4e86SIMATIC WinCC\u3001SIMATIC Batch\u3001SIMATIC\u8def\u7531\u63a7\u5236\u3001OpenPCS 7\u548c\u5176\u4ed6\u7ec4\u4ef6\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u4e00\u4e2a\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\uff0c\u7528\u4e8e\u64cd\u4f5c\u5458\u63a7\u5236\u548c\u76d1\u63a7\u673a\u5668\u548c\u5de5\u5382\u3002\r\n\r\nSiemens SIMATIC SCADA\u548cPCS 7 systems\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u4ee5\u63d0\u5347\u7684\u6743\u9650\u8fd0\u884c\u5176\u6570\u636e\u5e93\u670d\u52a1\u5668\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens SIMATIC SCADA\u548cPCS 7 systems\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SIMATIC Process Historian 2020 null",
"Siemens SIMATIC PCS 7 V9.1",
"Siemens SIMATIC WinCC Runtime Professional V18",
"Siemens SIMATIC WinCC Runtime Professional V19",
"Siemens SIMATIC WinCC V7.4",
"Siemens SIMATIC BATCH V9.1",
"Siemens SIMATIC WinCC V8.0 \u003c V8.0 Update 5",
"Siemens SIMATIC Information Server",
"Siemens SIMATIC Process Historian 2022",
"Siemens SIMATIC WinCC V7.5 \u003c V7.5 SP2 Update 18"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-629254.html",
"serverity": "\u9ad8",
"submitTime": "2024-09-12",
"title": "Siemens SIMATIC SCADA\u548cPCS 7 systems\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.