cve-2015-8214
Vulnerability from cvelistv5
Published
2015-11-27 15:00
Modified
2024-08-06 08:13
Severity ?
Summary
A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.
References
cve@mitre.orghttp://www.securityfocus.com/bid/78345
cve@mitre.orghttp://www.securitytracker.com/id/1034279
cve@mitre.orghttp://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdfVendor Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:13:31.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "78345",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/78345"
          },
          {
            "name": "1034279",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-11-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T20:42:17",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "78345",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/78345"
        },
        {
          "name": "1034279",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "78345",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/78345"
            },
            {
              "name": "1034279",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034279"
            },
            {
              "name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8214",
    "datePublished": "2015-11-27T15:00:00",
    "dateReserved": "2015-11-16T00:00:00",
    "dateUpdated": "2024-08-06T08:13:31.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-8214\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-11-27T15:59:00.133\",\"lastModified\":\"2021-04-22T21:15:08.047\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIMATIC NET CP 342-5 (incl. variantes de SIPLUS) (Todas las versiones), SIMATIC NET CP 343-1 Advanced (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.0.44), SIMATIC NET CP 343-1 Lean (incl. variantes de SIPLUS) (Todas las versiones anteriores a V3.1.1). variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 343-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-1 Standard (incl. variantes SIPLUS) (Todas las versiones anteriores a V3.0.44) SIPLUS) (Todas las versiones anteriores a V3.2.9), SIMATIC NET CP 443-5 Basic (incl. variantes SIPLUS) (Todas las versiones), SIMATIC NET CP 443-5 Extended (Todas las versiones), TIM 3V-IE / TIM 3V-IE Advanced (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2. 6.0), TIM 3V-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0), TIM 4R-IE (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V2.6.0), TIM 4R-IE DNP3 (incl. variantes SIPLUS NET) (Todas las versiones anteriores a V3.1.0). La aplicaci\u00f3n del nivel de protecci\u00f3n de acceso implementado en los procesadores de comunicaci\u00f3n (CP) afectados podr\u00eda permitir a usuarios no autentificados realizar operaciones administrativas en los CP si el acceso a la red (puerto 102/TCP) est\u00e1 disponible y la configuraci\u00f3n de los CP se almacen\u00f3 en sus correspondientes CPU\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.7},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":9.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88638890-5ABE-4824-A41F-FCF30532A538\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"9296A7D4-7F72-4D8A-9863-7CF8B5CEEAAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"733EA356-41B9-47E9-8E17-0988D84CCEF8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7572C2D-6B45-4DE4-9488-77A77437E3EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:dnp3:*:*:*\",\"matchCriteriaId\":\"5CDFD9DA-A370-47C2-A2CB-B4A71268A9CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_tim_4r-ie:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA23503-444E-427A-B6A5-021AC6FE72CD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:lean:*:*:*\",\"matchCriteriaId\":\"BF2877DF-4B20-4719-9046-BB368E5873DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:advanced:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"B1CD1E2E-4220-4FC1-BB19-2812D4354BF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C100D7C1-EAD2-455D-8A72-5BBBD85F2F77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28A429DF-6ED6-4235-9C2D-699CA577347A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:advanced:*:*:*\",\"matchCriteriaId\":\"138A9472-BE23-4107-BB6D-3E6C150EC4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:dnp3:*:*:*\",\"matchCriteriaId\":\"B969E93A-18C8-4422-B544-57F8CF83A963\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_tim_3v-ie:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF29ECAA-CAB2-4B50-A348-A6EC50E0BDC6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/78345\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1034279\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.