cvelistv5 - cve-2017-6867

CVE-2017-6867 (GCVE-0-2017-6867)

Vulnerability from cvelistv5 – Published: 2017-05-11 10:00 – Updated: 2024-08-05 15:41

Summary

Severity ?

No CVSS data available.

CWE

CWE-787 - Out-of-bounds Write

Assigner

siemens

References

URL

Tags

	http://www.securityfocus.com/bid/98368	vdb-entryx_refsource_BID
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://www.siemens.com/cert/pool/cert/siemens_se…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Siemens SIMATIC WinCC	Affected: Siemens SIMATIC WinCC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "98368",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Siemens SIMATIC WinCC",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Siemens SIMATIC WinCC"
            }
          ]
        }
      ],
      "datePublic": "2017-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-13T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "98368",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6867",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Siemens SIMATIC WinCC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Siemens SIMATIC WinCC"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787: Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "98368",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98368"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
            },
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-6867",
    "datePublished": "2017-05-11T10:00:00",
    "dateReserved": "2017-03-13T00:00:00",
    "dateUpdated": "2024-08-05T15:41:17.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D6229A2-9B8E-4F76-8425-589D2CE58B16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F64B795A-7E66-49AE-BE40-E8EEAC12D280\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_\\\\(tia_portal\\\\):13:sp1:*:*:professional:*:*:*\", \"matchCriteriaId\": \"F8FA6B17-FA61-44FC-BAA7-AAC63ECBD996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_\\\\(tia_portal\\\\):14:*:*:*:professional:*:*:*\", \"matchCriteriaId\": \"B0E21465-76ED-4803-A40A-539500B993F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*\", \"matchCriteriaId\": \"57CE0216-AA81-416B-88D2-3321D2A2A16D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*\", \"matchCriteriaId\": \"D8893E54-CF26-448A-9C32-90E5F8D8CC84\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \\\"administrators\\\" group to crash services by sending specially crafted messages to the DCOM interface.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 una vulnerabilidad en SIMATIC WinCC (versi\\u00f3n V7.3 anterior a Upd 11 y versi\\u00f3n V7.4 anterior a SP1), SIMATIC WinCC Runtime Professional (versi\\u00f3n V13 anterior a SP2 y versi\\u00f3n V14 anterior a SP1), SIMATIC WinCC (TIA Portal) Professional (versi\\u00f3n V13 anterior a SP2 y versi\\u00f3n V14 anterior a SP1) de Siemens, eso podr\\u00eda permitir a un atacante remoto autenticado, quien es miembro del grupo de los \\\"administrators\\\" bloquear los servicios enviando mensajes especialmente dise\\u00f1ados a la interfaz DCOM.\"}]",
      "id": "CVE-2017-6867",
      "lastModified": "2024-11-21T03:30:41.697",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-11T10:29:00.260",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/98368\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf\", \"source\": \"productcert@siemens.com\"}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/98368\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6867\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-05-11T10:29:00.260\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \\\"administrators\\\" group to crash services by sending specially crafted messages to the DCOM interface.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad en SIMATIC WinCC (versi\u00f3n V7.3 anterior a Upd 11 y versi\u00f3n V7.4 anterior a SP1), SIMATIC WinCC Runtime Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1), SIMATIC WinCC (TIA Portal) Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1) de Siemens, eso podr\u00eda permitir a un atacante remoto autenticado, quien es miembro del grupo de los \\\"administrators\\\" bloquear los servicios enviando mensajes especialmente dise\u00f1ados a la interfaz DCOM.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D6229A2-9B8E-4F76-8425-589D2CE58B16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F64B795A-7E66-49AE-BE40-E8EEAC12D280\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_\\\\(tia_portal\\\\):13:sp1:*:*:professional:*:*:*\",\"matchCriteriaId\":\"F8FA6B17-FA61-44FC-BAA7-AAC63ECBD996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_\\\\(tia_portal\\\\):14:*:*:*:professional:*:*:*\",\"matchCriteriaId\":\"B0E21465-76ED-4803-A40A-539500B993F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*\",\"matchCriteriaId\":\"57CE0216-AA81-416B-88D2-3321D2A2A16D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*\",\"matchCriteriaId\":\"D8893E54-CF26-448A-9C32-90E5F8D8CC84\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/98368\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/98368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-F7G5-6G5Q-8C2Q

Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18

Details

Severity ?

4.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-11T10:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface.",
  "id": "GHSA-f7g5-6g5q-8c2q",
  "modified": "2022-05-14T03:18:09Z",
  "published": "2022-05-14T03:18:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6867"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98368"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-06154

Vulnerability from cnvd - Published: 2017-05-09

Title

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional拒绝服务漏洞

Description

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional等都是德国西门子（Siemens）公司的工业自动化产品。SIMATIC WinCC是一个监控和数据采集（SCADA）系统。SIMATIC WinCC Runtime Professional是用于操作员的可视化运行时平台机器和设备的控制和监控。 Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional存在拒绝服务漏洞。作为“管理员”身份的远程攻击者可利用漏洞通过向DCOM接口发送特制消息来进行崩溃服务。

Severity

高

Patch Name

Siemens SIMATIC WinCC和SIMATIC WinCC Runtime Professional拒绝服务漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

Reference

http://www.siemens.com/cert/en/cert-security-advisories.htm

Impacted products

Name
['SIEMENS SIMATIC WinCC <V7.3 Upd 11', 'SIEMENS SIMATIC WinCC <V7.4 SP1', 'SIEMENS SIMATIC WinCC Runtime Professional <V13 SP2', 'SIEMENS SIMATIC WinCC Runtime Professional <V14 SP1', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V13 SP2', 'SIEMENS SIMATIC WinCC (TIA Portal) Professional <V14 SP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6867"
    }
  },
  "description": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u7528\u4e8e\u64cd\u4f5c\u5458\u7684\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\u673a\u5668\u548c\u8bbe\u5907\u7684\u63a7\u5236\u548c\u76d1\u63a7\u3002\r\n\r\nSiemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u4f5c\u4e3a\u201c\u7ba1\u7406\u5458\u201d\u8eab\u4efd\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5411DCOM\u63a5\u53e3\u53d1\u9001\u7279\u5236\u6d88\u606f\u6765\u8fdb\u884c\u5d29\u6e83\u670d\u52a1\u3002",
  "discovererName": "Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defense Team, Kaspersky Lab",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-06154",
  "openTime": "2017-05-09",
  "patchDescription": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u5de5\u4e1a\u81ea\u52a8\u5316\u4ea7\u54c1\u3002SIMATIC WinCC\u662f\u4e00\u4e2a\u76d1\u63a7\u548c\u6570\u636e\u91c7\u96c6\uff08SCADA\uff09\u7cfb\u7edf\u3002SIMATIC WinCC Runtime Professional\u662f\u7528\u4e8e\u64cd\u4f5c\u5458\u7684\u53ef\u89c6\u5316\u8fd0\u884c\u65f6\u5e73\u53f0\u673a\u5668\u548c\u8bbe\u5907\u7684\u63a7\u5236\u548c\u76d1\u63a7\u3002\r\n\r\nSiemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u4f5c\u4e3a\u201c\u7ba1\u7406\u5458\u201d\u8eab\u4efd\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7\u5411DCOM\u63a5\u53e3\u53d1\u9001\u7279\u5236\u6d88\u606f\u6765\u8fdb\u884c\u5d29\u6e83\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS SIMATIC WinCC \u003cV7.3 Upd 11",
      "SIEMENS SIMATIC WinCC \u003cV7.4 SP1",
      "SIEMENS SIMATIC WinCC Runtime Professional \u003cV13 SP2",
      "SIEMENS SIMATIC WinCC Runtime Professional \u003cV14 SP1",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV13 SP2",
      "SIEMENS SIMATIC WinCC (TIA Portal) Professional \u003cV14 SP1"
    ]
  },
  "referenceLink": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
  "serverity": "\u9ad8",
  "submitTime": "2017-05-09",
  "title": "Siemens SIMATIC WinCC\u548cSIMATIC WinCC Runtime Professional\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

VAR-201705-3974

Vulnerability from variot - Updated: 2023-12-18 12:51

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a monitoring and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is the control and monitoring of the operator's visual runtime platform machines and equipment. Multiple SIMATIC WinCC Products are prone to a denial-of-service vulnerability. The following products are vulnerable: SIMATIC WinCC 7.3 versions prior to 7.3 Update 11 SIMATIC WinCC 7.4 versions prior to 7.4 SP1 SIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2 SIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1 SIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2 SIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3974",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "siemens",
        "version": "7.4"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "siemens",
        "version": "7.3"
      },
      {
        "model": "simatic wincc runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "14 sp1"
      },
      {
        "model": "simatic wincc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.3 update 11"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.4 sp1"
      },
      {
        "model": "simatic wincc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.3"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "14 sp1"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "13 sp2"
      },
      {
        "model": "simatic wincc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "7.4"
      },
      {
        "model": "simatic wincc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "13 sp2"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc upd",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7.311"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v7.4"
      },
      {
        "model": "simatic wincc runtime professional sp2",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "simatic wincc runtime professional sp1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v14"
      },
      {
        "model": "simatic wincc professional sp2",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "simatic wincc professional sp1",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v14"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.32"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.310"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.31"
      },
      {
        "model": "simatic wincc runtime professional sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc runtime professional sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc professional sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc professional sp2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.4"
      },
      {
        "model": "simatic wincc update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.311"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "7.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc",
        "version": "7.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "14"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc runtime",
        "version": "13"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc runtime",
        "version": "14"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "BID",
        "id": "98368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13:sp1:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team",
    "sources": [
      {
        "db": "BID",
        "id": "98368"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6867",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6867",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-06154",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-115070",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-6867",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6867",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-06154",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-630",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-115070",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface. Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a monitoring and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is the control and monitoring of the operator\u0027s visual runtime platform machines and equipment. Multiple SIMATIC WinCC Products are prone to a denial-of-service vulnerability. \nThe following products are vulnerable:\nSIMATIC WinCC 7.3 versions prior to 7.3 Update 11\nSIMATIC WinCC 7.4 versions prior to 7.4 SP1\nSIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2\nSIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1\nSIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2\nSIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "BID",
        "id": "98368"
      },
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6867",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-156872",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "98368",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-523365",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-306-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-129-03",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "81C5D14F-8537-4B60-AA16-B99AEC0C6E39",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "db": "BID",
        "id": "98368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "id": "VAR-201705-3974",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      }
    ],
    "trust": 1.561624812
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:51:13.289000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-156872",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/176383"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/98368"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6867"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-306-01"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6867"
      },
      {
        "trust": 0.6,
        "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-03"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "db": "BID",
        "id": "98368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "db": "BID",
        "id": "98368"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-09T00:00:00",
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "date": "2017-05-09T00:00:00",
        "db": "BID",
        "id": "98368"
      },
      {
        "date": "2017-06-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "date": "2017-05-11T10:29:00.260000",
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "date": "2017-03-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-06154"
      },
      {
        "date": "2018-06-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-115070"
      },
      {
        "date": "2017-05-23T16:23:00",
        "db": "BID",
        "id": "98368"
      },
      {
        "date": "2018-06-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      },
      {
        "date": "2018-06-14T01:29:31.133000",
        "db": "NVD",
        "id": "CVE-2017-6867"
      },
      {
        "date": "2017-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens SIMATIC Vulnerability that can crash services in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004058"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation",
    "sources": [
      {
        "db": "IVD",
        "id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-630"
      }
    ],
    "trust": 0.8
  }
}

CERTFR-2017-AVI-140

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les produits Siemens sans le dernier correctif de sécurité

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens SSA-156872 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-293562 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-275839 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-275839 du 08 mai 2017	-	other
Bulletin de sécurité SCADA Siemens SSA-156872 du 08 mai 2017	-	other
Bulletin de sécurité SCADA SSA-293562 Siemens du 08 mai 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes produits Siemens sans le dernier correctif de s\u00e9curit\u00e9\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2017-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2681"
    },
    {
      "name": "CVE-2017-6867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6867"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-275839 du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-275839.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-156872 du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-156872.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA SSA-293562 Siemens du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-293562.pdf"
    }
  ],
  "reference": "CERTFR-2017-AVI-140",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA les produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-156872 du 08 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-293562 du 08 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-275839 du 08 mai 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-140

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans SCADA les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les produits Siemens sans le dernier correctif de sécurité

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens SSA-156872 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-293562 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-275839 du 08 mai 2017	None	vendor-advisory
Bulletin de sécurité SCADA Siemens SSA-275839 du 08 mai 2017	-	other
Bulletin de sécurité SCADA Siemens SSA-156872 du 08 mai 2017	-	other
Bulletin de sécurité SCADA SSA-293562 Siemens du 08 mai 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes produits Siemens sans le dernier correctif de s\u00e9curit\u00e9\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2680"
    },
    {
      "name": "CVE-2017-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2681"
    },
    {
      "name": "CVE-2017-6867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6867"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-275839 du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-275839.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-156872 du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-156872.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA SSA-293562 Siemens du 08 mai    2017",
      "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-293562.pdf"
    }
  ],
  "reference": "CERTFR-2017-AVI-140",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA les produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-156872 du 08 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-293562 du 08 mai 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens SSA-275839 du 08 mai 2017",
      "url": null
    }
  ]
}

ICSA-17-129-03

Vulnerability from csaf_cisa - Published: 2017-05-09 00:00 - Updated: 2017-05-09 00:00

Summary

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Critical infrastructure sectors

Food and Agriculture, Chemical, Energy, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Sergey Temnikov",
          "Vladimir Dashchenko"
        ],
        "organization": "the Kaspersky Lab Critical Infrastructure Defense Team",
        "summary": "reporting this vulnerability directly to Siemens"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Food and Agriculture, Chemical, Energy, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-129-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-129-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-129-03 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-129-03"
      }
    ],
    "title": "Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional",
    "tracking": {
      "current_release_date": "2017-05-09T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-129-03",
      "initial_release_date": "2017-05-09T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-05-09T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-129-03 Siemens SIMATIC WinCC"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 14 SP1",
                "product": {
                  "name": "V14: All versions prior to V14 SP1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC Runtime Professional / SIMATIC WinCC (TIA Portal) Professional"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 13 SP2",
                "product": {
                  "name": "V13: All versions prior to V13 SP2",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC Runtime Professional / SIMATIC WinCC (TIA Portal) Professional"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.4 SP1",
                "product": {
                  "name": "V7.4: All versions prior to V7.4 SP1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.3 Update 11",
                "product": {
                  "name": "V7.3: All versions prior to V7.3 Update 11",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC WinCC"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6867",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authenticated, remote attacker who is a member of the administrators group could crash services by sending specially crafted messages to the DCOM interface.CVE-2017-6867 has been assigned to this vulnerability. A CVSS v3 base score of 4.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6867"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens has released updates for the following products and strongly encourages users to upgrade to the new versions as soon as possible:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746452",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746452"
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746038",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746038"
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746268",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746268"
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746276",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746276"
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746075",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746075"
        },
        {
          "category": "vendor_fix",
          "details": "https://support.industry.siemens.com/cs/ww/en/view/109746074",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746074"
        },
        {
          "category": "vendor_fix",
          "details": "For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-156872 at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/en/cert-security-advisories.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
        },
        {
          "category": "vendor_fix",
          "details": "As a general security measure Siemens strongly recommends protecting network access to SIMATIC WinCC, SIMATIC WinCC Runtime, and SIMATIC WinCC (TIA Portal) Professional stations with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.siemens.com/cert/operational-guidelines-industrial-security",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://www.siemens.com/cert/operational-guidelines-industrial-security"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

ICSA-17-306-01

Vulnerability from csaf_cisa - Published: 2017-11-02 00:00 - Updated: 2018-06-12 00:00

Summary

Siemens SIMATIC PCS 7 (Update A)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

Risk evaluation

Successful exploitation of this vulnerability could allow a remote authenticated attacker to crash services on the devices.

Critical infrastructure sectors

Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Sergey Temnikov",
          "Vladimir Dashchenko"
        ],
        "organization": "Kaspersky Labs",
        "summary": "reporting the vulnerability to Siemens"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow a remote authenticated attacker to crash services on the devices.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and  solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-306-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-306-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-306-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-306-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "SSA-496604: SSA-523365: Vulnerability in SIMATIC PCS 7 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/SSA-523365.txt"
      }
    ],
    "title": "Siemens SIMATIC PCS 7 (Update A)",
    "tracking": {
      "current_release_date": "2018-06-12T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-306-01",
      "initial_release_date": "2017-11-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-11-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-306-01 Siemens SIMATIC PCS 7"
        },
        {
          "date": "2018-06-12T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-17-306-01 Siemens SIMATIC PCS 7 (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V8.1 SP1 with WinCC V7.3 Upd 13",
                "product": {
                  "name": "SIMATIC PCS 7 V8.1: All versions \u003c V8.1 SP1 with WinCC V7.3 Upd 13",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "All versions \u003c V8.2 SP1",
                "product": {
                  "name": "SIMATIC PCS 7 V8.2: All versions \u003c V8.2 SP1",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC PCS 7 V8.2"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6867",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authenticated, remote attacker who is member of the \"administrators\" group couldcrash services by sending specially crafted messages to the DCOM interface.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Apply cell protection concept",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Use VPN for protecting network communication between cells",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Apply Defense-in-Depth",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update WinCC to V7.3 Upd 13 - Download: https://support.industry.siemens.com/cs/ww/en/view/109746452 ",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109746452"
        },
        {
          "category": "mitigation",
          "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GSD-2017-6867

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6867

Aliases

CVE-2017-6867

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6867",
    "description": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface.",
    "id": "GSD-2017-6867"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6867"
      ],
      "details": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface.",
      "id": "GSD-2017-6867",
      "modified": "2023-12-13T01:21:09.862279Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-6867",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Siemens SIMATIC WinCC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Siemens SIMATIC WinCC"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-787: Out-of-bounds Write"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "98368",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/98368"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
          },
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13:sp1:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-6867"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
            },
            {
              "name": "98368",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/98368"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-06-14T01:29Z",
      "publishedDate": "2017-05-11T10:29Z"
    }
  }
}

FKIE_CVE-2017-6867

Vulnerability from fkie_nvd - Published: 2017-05-11 10:29 - Updated: 2025-04-20 01:37

Severity ?

4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/98368	Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/98368	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	simatic_wincc	7.3
siemens	simatic_wincc	7.4
siemens	simatic_wincc_\(tia_portal\)	13
siemens	simatic_wincc_\(tia_portal\)	14
siemens	simatic_wincc_runtime	13
siemens	simatic_wincc_runtime	14

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D6229A2-9B8E-4F76-8425-589D2CE58B16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F64B795A-7E66-49AE-BE40-E8EEAC12D280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13:sp1:*:*:professional:*:*:*",
              "matchCriteriaId": "F8FA6B17-FA61-44FC-BAA7-AAC63ECBD996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14:*:*:*:professional:*:*:*",
              "matchCriteriaId": "B0E21465-76ED-4803-A40A-539500B993F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:13:sp1:*:*:professional:*:*:*",
              "matchCriteriaId": "57CE0216-AA81-416B-88D2-3321D2A2A16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime:14:*:*:*:professional:*:*:*",
              "matchCriteriaId": "D8893E54-CF26-448A-9C32-90E5F8D8CC84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad en SIMATIC WinCC (versi\u00f3n V7.3 anterior a Upd 11 y versi\u00f3n V7.4 anterior a SP1), SIMATIC WinCC Runtime Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1), SIMATIC WinCC (TIA Portal) Professional (versi\u00f3n V13 anterior a SP2 y versi\u00f3n V14 anterior a SP1) de Siemens, eso podr\u00eda permitir a un atacante remoto autenticado, quien es miembro del grupo de los \"administrators\" bloquear los servicios enviando mensajes especialmente dise\u00f1ados a la interfaz DCOM."
    }
  ],
  "id": "CVE-2017-6867",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-11T10:29:00.260",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98368"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6867 (GCVE-0-2017-6867)

Solution

Solution

Tags

Sightings

Nomenclature