cvelistv5 - cve-2017-9940

CVE-2017-9940 (GCVE-0-2017-9940)

Vulnerability from cvelistv5 – Published: 2017-08-08 00:00 – Updated: 2024-08-05 17:25

Summary

Severity ?

No CVSS data available.

CWE

CWE-269 - Improper Privilege Management

Assigner

siemens

References

URL

Tags

	https://www.siemens.com/cert/pool/cert/siemens_se…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/99578	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	SiPass integrated All versions before V2.70	Affected: SiPass integrated All versions before V2.70

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
          },
          {
            "name": "99578",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99578"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SiPass integrated All versions before V2.70",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "SiPass integrated All versions before V2.70"
            }
          ]
        }
      ],
      "datePublic": "2017-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-08T09:57:01",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
        },
        {
          "name": "99578",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99578"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SiPass integrated All versions before V2.70",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SiPass integrated All versions before V2.70"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269: Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
              "refsource": "CONFIRM",
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
            },
            {
              "name": "99578",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99578"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9940",
    "datePublished": "2017-08-08T00:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:25:00.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.65\", \"matchCriteriaId\": \"2375DDBA-DBFD-49DB-9B13-0D832E21146B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto una vulnerabilidad en Siemens SiPass integrated (todas las versiones anteriores a la V2.70) que podr\\u00eda permitir que un atacante con acceso a una cuenta de usuario con pocos privilegios leyese o escribiese archivos en el sistema de archivos del servidor SiPass integrated en la red.\"}]",
      "id": "CVE-2017-9940",
      "lastModified": "2024-11-21T03:37:13.167",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-08T00:29:00.417",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/99578\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/99578\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9940\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-08-08T00:29:00.417\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad en Siemens SiPass integrated (todas las versiones anteriores a la V2.70) que podr\u00eda permitir que un atacante con acceso a una cuenta de usuario con pocos privilegios leyese o escribiese archivos en el sistema de archivos del servidor SiPass integrated en la red.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.65\",\"matchCriteriaId\":\"2375DDBA-DBFD-49DB-9B13-0D832E21146B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/99578\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-9JH8-JXMJ-8C4H

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-08T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.",
  "id": "GHSA-9jh8-jxmj-8c4h",
  "modified": "2022-05-13T01:36:04Z",
  "published": "2022-05-13T01:36:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9940"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-9940

Vulnerability from fkie_nvd - Published: 2017-08-08 00:29 - Updated: 2025-04-20 01:37

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
productcert@siemens.com	http://www.securityfocus.com/bid/99578	Third Party Advisory, VDB Entry
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99578	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf	Vendor Advisory

Impacted products

	Vendor	Product	Version
	siemens	sipass_integrated	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2375DDBA-DBFD-49DB-9B13-0D832E21146B",
              "versionEndIncluding": "2.65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad en Siemens SiPass integrated (todas las versiones anteriores a la V2.70) que podr\u00eda permitir que un atacante con acceso a una cuenta de usuario con pocos privilegios leyese o escribiese archivos en el sistema de archivos del servidor SiPass integrated en la red."
    }
  ],
  "id": "CVE-2017-9940",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-08T00:29:00.417",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99578"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-17-194-01

Vulnerability from csaf_cisa - Published: 2017-07-13 00:00 - Updated: 2017-07-13 00:00

Summary

Siemens SiPass integrated

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

ATTENTION: Remotely exploitable/low skill level to exploit.

Critical infrastructure sectors

Energy, Healthcare and Public Health, Transportation Systems

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens",
        "summary": "reporting these vulnerabilities"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "ATTENTION: Remotely exploitable/low skill level to exploit.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Energy, Healthcare and Public Health, Transportation Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-194-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-194-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-194-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-194-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-194-01"
      }
    ],
    "title": "Siemens SiPass integrated",
    "tracking": {
      "current_release_date": "2017-07-13T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-194-01",
      "initial_release_date": "2017-07-13T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-07-13T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-17-194-01 Siemens SiPass integrated"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 2.70",
                "product": {
                  "name": "SiPass integrated: All versions prior to V2.70",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SiPass integrated"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-9939",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with network access to the SiPass integrated server could bypass the authentication mechanism and perform administrative operations.CVE-2017-9939 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9939"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version. The new version can be obtained from Siemens customer support or from authorized partners.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-339433 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        },
        {
          "category": "vendor_fix",
          "details": "In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-9940",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with access to a low-privileged user account can read or write files on the file system of the SiPass integrated server over the network.CVE-2017-9940 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9940"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version. The new version can be obtained from Siemens customer support or from authorized partners.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-339433 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        },
        {
          "category": "vendor_fix",
          "details": "In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-9941",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients could read or modify the network communication.CVE-2017-9941 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9941"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version. The new version can be obtained from Siemens customer support or from authorized partners.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-339433 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        },
        {
          "category": "vendor_fix",
          "details": "In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-9942",
      "cwe": {
        "id": "CWE-257",
        "name": "Storing Passwords in a Recoverable Format"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with local access to the SiPass integrated server or SiPass integrated client could potentially obtain credentials from the systems.CVE-2017-9942 has been assigned to this vulnerability. A CVSS v3 base score of 6.2 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9942"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Siemens provides SiPass integrated V2.70, which fixes the vulnerabilities, and recommends users update to the new version. The new version can be obtained from Siemens customer support or from authorized partners.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-339433 at the following location:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.siemens.com/cert/advisories",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://www.siemens.com/cert/advisories"
        },
        {
          "category": "vendor_fix",
          "details": "In addition, ICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

GSD-2017-9940

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9940

Aliases

CVE-2017-9940

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9940",
    "description": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.",
    "id": "GSD-2017-9940"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9940"
      ],
      "details": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.",
      "id": "GSD-2017-9940",
      "modified": "2023-12-13T01:21:07.877724Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-9940",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SiPass integrated All versions before V2.70",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SiPass integrated All versions before V2.70"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-269: Improper Privilege Management"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
          },
          {
            "name": "99578",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99578"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.65",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9940"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
            },
            {
              "name": "99578",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99578"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2019-10-09T23:30Z",
      "publishedDate": "2017-08-08T00:29Z"
    }
  }
}

CERTFR-2017-AVI-213

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans SCADA les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	SIMATIC Logon toutes versions antérieures à 1.6
	Siemens	N/A	SiPass integrated toutes versions antérieures à 2.70

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-339433 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Siemens SSA-804859 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC Logon toutes versions ant\u00e9rieures \u00e0 1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated toutes versions ant\u00e9rieures \u00e0 2.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-9938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9938"
    },
    {
      "name": "CVE-2017-9939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9939"
    },
    {
      "name": "CVE-2017-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9942"
    },
    {
      "name": "CVE-2017-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9941"
    },
    {
      "name": "CVE-2017-9940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9940"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-213",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA les produits Siemens\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-339433 du 12 juillet 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-804859 du 12 juillet 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-804859.pdf"
    }
  ]
}

CERTFR-2017-AVI-213

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	SIMATIC Logon toutes versions antérieures à 1.6
	Siemens	N/A	SiPass integrated toutes versions antérieures à 2.70

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-339433 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Siemens SSA-804859 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC Logon toutes versions ant\u00e9rieures \u00e0 1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated toutes versions ant\u00e9rieures \u00e0 2.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-9938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9938"
    },
    {
      "name": "CVE-2017-9939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9939"
    },
    {
      "name": "CVE-2017-9942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9942"
    },
    {
      "name": "CVE-2017-9941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9941"
    },
    {
      "name": "CVE-2017-9940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9940"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-213",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eSCADA les produits Siemens\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-339433 du 12 juillet 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-804859 du 12 juillet 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-804859.pdf"
    }
  ]
}

CNVD-2017-14603

Vulnerability from cnvd - Published: 2017-07-15

Title

Siemens SiPass integrated文件读写漏洞

Description

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。 Siemens SiPass integrated存在文件读写漏洞，访问低权限用户帐户的攻击者可以通过网络在SiPass集成服务器的文件系统上读取或写入文件。

Severity

高

Patch Name

Siemens SiPass integrated文件读写漏洞的补丁

Patch Description

SiPass server是SiPass集中访问控制系统的组件，接收客户端的连接进行通信。 Siemens SiPass integrated存在文件读写漏洞，访问低权限用户帐户的攻击者可以通过网络在SiPass集成服务器的文件系统上读取或写入文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/advisories/

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf

Impacted products

Name
Siemens SiPass integrated <2.70

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9940"
    }
  },
  "description": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\uff0c\u8bbf\u95ee\u4f4e\u6743\u9650\u7528\u6237\u5e10\u6237\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u7f51\u7edc\u5728SiPass\u96c6\u6210\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.siemens.com/cert/advisories/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14603",
  "openTime": "2017-07-15",
  "patchDescription": "SiPass server\u662fSiPass\u96c6\u4e2d\u8bbf\u95ee\u63a7\u5236\u7cfb\u7edf\u7684\u7ec4\u4ef6\uff0c\u63a5\u6536\u5ba2\u6237\u7aef\u7684\u8fde\u63a5\u8fdb\u884c\u901a\u4fe1\u3002\r\n\r\nSiemens SiPass integrated\u5b58\u5728\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\uff0c\u8bbf\u95ee\u4f4e\u6743\u9650\u7528\u6237\u5e10\u6237\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u7f51\u7edc\u5728SiPass\u96c6\u6210\u670d\u52a1\u5668\u7684\u6587\u4ef6\u7cfb\u7edf\u4e0a\u8bfb\u53d6\u6216\u5199\u5165\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SiPass integrated\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SiPass integrated \u003c2.70"
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-13",
  "title": "Siemens SiPass integrated\u6587\u4ef6\u8bfb\u5199\u6f0f\u6d1e"
}

VAR-201708-1517

Vulnerability from variot - Updated: 2023-12-18 12:03

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. There is a file read/write vulnerability in Siemens SiPass integrated. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1517",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sipass integrated",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.65"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2.70"
      },
      {
        "model": "sipass integrated",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.70"
      },
      {
        "model": "sipass integrated",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.65"
      },
      {
        "model": "sipass integrated mp2.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sipass integrated mp2.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sipass integrated mp2.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "sipass integrated",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.70"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "sipass integrated",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "BID",
        "id": "99578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:sipass_integrated:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.65",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens",
    "sources": [
      {
        "db": "BID",
        "id": "99578"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-9940",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9940",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-14603",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "6ba0449d-be86-414d-9d46-b1977cf1c756",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-118143",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-9940",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9940",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14603",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-606",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "6ba0449d-be86-414d-9d46-b1977cf1c756",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118143",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network. Siemens SiPass integrated Contains an access control vulnerability.Information may be obtained and information may be altered. The SiPass server is a component of the SiPass centralized access control system that receives the client\u0027s connection for communication. There is a file read/write vulnerability in Siemens SiPass integrated. An authentication-bypass vulnerability\n2. A privilege-escalation vulnerability\n3. A man-in-the-middle security bypass vulnerability\n4. An information-disclosure vulnerability\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. \nVersions prior to SiPass integrated 2.70 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "BID",
        "id": "99578"
      },
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9940",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-339433",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "99578",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-194-01",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "6BA0449D-BE86-414D-9D46-B1977CF1C756",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "db": "BID",
        "id": "99578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "id": "VAR-201708-1517",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      }
    ],
    "trust": 1.48787876
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:03:28.382000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-339433",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
      },
      {
        "title": "Siemens SiPass integrated file read and write vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/98176"
      },
      {
        "title": "Siemens SiPass integrated Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71720"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99578"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9940"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9940"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-194-01"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "db": "BID",
        "id": "99578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "db": "BID",
        "id": "99578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-15T00:00:00",
        "db": "IVD",
        "id": "6ba0449d-be86-414d-9d46-b1977cf1c756"
      },
      {
        "date": "2017-07-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "BID",
        "id": "99578"
      },
      {
        "date": "2017-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "date": "2017-08-08T00:29:00.417000",
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14603"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118143"
      },
      {
        "date": "2017-07-13T00:00:00",
        "db": "BID",
        "id": "99578"
      },
      {
        "date": "2017-09-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      },
      {
        "date": "2019-10-09T23:30:53.470000",
        "db": "NVD",
        "id": "CVE-2017-9940"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SiPass integrated Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-606"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9940 (GCVE-0-2017-9940)

Solution

Solution

Tags

Sightings

Nomenclature