Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2019-6570
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf | Patch, Vendor Advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: All versions < V2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-15T17:03:30", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SINEMA Remote Connect Server", "version": { "version_data": [ { "version_value": "All versions \u003c V2.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges " } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-6570", "datePublished": "2019-04-17T13:40:24", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2019-6570\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2019-04-17T14:29:03.730\",\"lastModified\":\"2024-11-21T04:46:43.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a V2.0). Debido a la insuficiente comprobaci\u00f3n de los permisos de los usuarios, un atacante puede acceder a URLs que requieren una autorizaci\u00f3n especial. Un atacante debe tener acceso a una cuenta con pocos privilegios para poder explotar la vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0\",\"matchCriteriaId\":\"5AB7DB4A-B5E8-4D44-8006-4675EA8CD8B1\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
icsa-19-099-04
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens ProductCERT", "summary": "reporting these vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions.", "title": "Risk evaluation" }, { "category": "other", "text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products:\n\n- - Siemens Security Advisory SSA-936080\n\nFor more details regarding the libcurl vulnerability refer to:\n\n- - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer\n read\"\n\n- - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer\n overflow\"\n\n- - Project curl Security Advisory \"SMTP end-of-response out-of-bounds\n read\"\n\nFor further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products: - - Siemens Security Advisory SSA-936080 For more details regarding the libcurl vulnerability refer to: - - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer read\" - - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer overflow\" - - Project curl Security Advisory \"SMTP end-of-response out-of-bounds read\" For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-19-099-04 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-099-04.json" }, { "category": "self", "summary": "ICS Advisory ICSA-19-099-04 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-099-04" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-496604: SSA-436177: Multiple Vulnerabilities in SINEMA Remote Connect - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/SSA-436177.txt" } ], "title": "Siemens SINEMA Remote Connect (Update A)", "tracking": { "current_release_date": "2021-03-09T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-19-099-04", "initial_release_date": "2019-04-09T00:00:00.000000Z", "revision_history": [ { "date": "2019-04-09T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-19-099-04 Siemens SINEMA Remote Connect" }, { "date": "2021-03-09T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-19-099-04 Siemens SINEMA Remote Connect (Update A)" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0 HF1", "product": { "name": "SINEMA Remote Connect Client: All versions \u003c V2.0 HF1", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SINEMA Remote Connect Client" }, { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0", "product": { "name": "SINEMA Remote Connect Server: All versions \u003c V2.0", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SINEMA Remote Connect Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14618", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.15.4 to and including 7.61.0 are vulnerable to a buffer overrun. The flaw is caused by an improper calculation of the required buffer size in the Curl_ntlm_core_mk_nt_hash function of libcurl.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14618" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2018-16890", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap buffer out-of-bounds read.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16890" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3822", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a stack-based buffer overflow.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3822" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3823", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.", "title": "Summary" }, { "category": "summary", "text": "This vulnerability could allow an attacker to trigger a Denial-of-Service condition on the affected devices.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-6570", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "notes": [ { "category": "summary", "text": "Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.", "title": "Summary" }, { "category": "summary", "text": "An attacker must have access to a low privileged account in order to exploit the vulnerability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6570" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
ICSA-19-099-04
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens ProductCERT", "summary": "reporting these vulnerabilities to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker to circumvent the system authorization for certain functionalities, and to execute privileged functions.", "title": "Risk evaluation" }, { "category": "other", "text": "Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products:\n\n- - Siemens Security Advisory SSA-936080\n\nFor more details regarding the libcurl vulnerability refer to:\n\n- - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer\n read\"\n\n- - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer\n overflow\"\n\n- - Project curl Security Advisory \"SMTP end-of-response out-of-bounds\n read\"\n\nFor further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products: - - Siemens Security Advisory SSA-936080 For more details regarding the libcurl vulnerability refer to: - - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer read\" - - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer overflow\" - - Project curl Security Advisory \"SMTP end-of-response out-of-bounds read\" For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-19-099-04 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-099-04.json" }, { "category": "self", "summary": "ICS Advisory ICSA-19-099-04 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-099-04" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-496604: SSA-436177: Multiple Vulnerabilities in SINEMA Remote Connect - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/SSA-436177.txt" } ], "title": "Siemens SINEMA Remote Connect (Update A)", "tracking": { "current_release_date": "2021-03-09T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-19-099-04", "initial_release_date": "2019-04-09T00:00:00.000000Z", "revision_history": [ { "date": "2019-04-09T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-19-099-04 Siemens SINEMA Remote Connect" }, { "date": "2021-03-09T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-19-099-04 Siemens SINEMA Remote Connect (Update A)" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0 HF1", "product": { "name": "SINEMA Remote Connect Client: All versions \u003c V2.0 HF1", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SINEMA Remote Connect Client" }, { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0", "product": { "name": "SINEMA Remote Connect Server: All versions \u003c V2.0", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SINEMA Remote Connect Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14618", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.15.4 to and including 7.61.0 are vulnerable to a buffer overrun. The flaw is caused by an improper calculation of the required buffer size in the Curl_ntlm_core_mk_nt_hash function of libcurl.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14618" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2018-16890", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap buffer out-of-bounds read.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16890" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3822", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a stack-based buffer overflow.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3822" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3823", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.", "title": "Summary" }, { "category": "summary", "text": "This vulnerability could allow an attacker to trigger a Denial-of-Service condition on the affected devices.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-6570", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "notes": [ { "category": "summary", "text": "Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.", "title": "Summary" }, { "category": "summary", "text": "An attacker must have access to a low privileged account in order to exploit the vulnerability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6570" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
ICSA-21-068-10
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of this third-party vulnerability could allow an attacker to cause a denial-of-service condition on the affected devices.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products:\n\n- - Siemens Security Advisory SSA-936080\n\nFor more details regarding the libcurl vulnerability refer to:\n\n- - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer\n read\"\n\n- - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer\n overflow\"\n\n- - Project curl Security Advisory \"SMTP end-of-response out-of-bounds\n read\"\n\nFor further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products: - - Siemens Security Advisory SSA-936080 For more details regarding the libcurl vulnerability refer to: - - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer read\" - - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer overflow\" - - Project curl Security Advisory \"SMTP end-of-response out-of-bounds read\" For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target this vulnerability.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-21-068-10 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-068-10.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-068-10 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-10" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-496604: SSA-436177: Multiple Vulnerabilities in SINEMA Remote Connect - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/SSA-436177.txt" } ], "title": "Siemens SCALANCE and SIMATIC libcurl (Update B)", "tracking": { "current_release_date": "2021-09-14T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-21-068-10", "initial_release_date": "2021-03-09T00:00:00.000000Z", "revision_history": [ { "date": "2021-03-09T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl" }, { "date": "2021-05-11T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update A)" }, { "date": "2021-09-14T00:00:00.000000Z", "legacy_version": "B", "number": "3", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update B)" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0 HF1", "product": { "name": "SINEMA Remote Connect Client: All versions \u003c V2.0 HF1", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SINEMA Remote Connect Client" }, { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0", "product": { "name": "SINEMA Remote Connect Server: All versions \u003c V2.0", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SINEMA Remote Connect Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14618", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.15.4 to and including 7.61.0 are vulnerable to a buffer overrun. The flaw is caused by an improper calculation of the required buffer size in the Curl_ntlm_core_mk_nt_hash function of libcurl.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2018-16890", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap buffer out-of-bounds read.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3822", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a stack-based buffer overflow.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3823", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.", "title": "Summary" }, { "category": "summary", "text": "This vulnerability could allow an attacker to trigger a Denial-of-Service condition on the affected devices.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-6570", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "notes": [ { "category": "summary", "text": "Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.", "title": "Summary" }, { "category": "summary", "text": "An attacker must have access to a low privileged account in order to exploit the vulnerability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
icsa-21-068-10
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "organization": "Siemens", "summary": "reporting this vulnerability to CISA" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of this third-party vulnerability could allow an attacker to cause a denial-of-service condition on the affected devices.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Germany", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products:\n\n- - Siemens Security Advisory SSA-936080\n\nFor more details regarding the libcurl vulnerability refer to:\n\n- - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer\n read\"\n\n- - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer\n overflow\"\n\n- - Project curl Security Advisory \"SMTP end-of-response out-of-bounds\n read\"\n\nFor further inquiries on security vulnerabilities in Siemens products and \nsolutions, please contact the Siemens ProductCERT:\n\nhttps://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "general", "text": "Impact of libcurl vulnerabilities to other Siemens products: - - Siemens Security Advisory SSA-936080 For more details regarding the libcurl vulnerability refer to: - - Project curl Security Advisory \"NTLM type-2 out-of-bounds buffer read\" - - Project curl Security Advisory \"NTLMv2 type-3 header stack buffer overflow\" - - Project curl Security Advisory \"SMTP end-of-response out-of-bounds read\" For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", "title": "Additional Resources" }, { "category": "other", "text": "No known public exploits specifically target this vulnerability.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-21-068-10 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-068-10.json" }, { "category": "self", "summary": "ICS Advisory ICSA-21-068-10 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-068-10" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B" }, { "category": "external", "summary": "SSA-496604: SSA-436177: Multiple Vulnerabilities in SINEMA Remote Connect - TXT Version", "url": "https://cert-portal.siemens.com/productcert/txt/SSA-436177.txt" } ], "title": "Siemens SCALANCE and SIMATIC libcurl (Update B)", "tracking": { "current_release_date": "2021-09-14T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-21-068-10", "initial_release_date": "2021-03-09T00:00:00.000000Z", "revision_history": [ { "date": "2021-03-09T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl" }, { "date": "2021-05-11T00:00:00.000000Z", "legacy_version": "A", "number": "2", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update A)" }, { "date": "2021-09-14T00:00:00.000000Z", "legacy_version": "B", "number": "3", "summary": "ICSA-21-068-10 Siemens SCALANCE and SIMATIC libcurl (Update B)" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0 HF1", "product": { "name": "SINEMA Remote Connect Client: All versions \u003c V2.0 HF1", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "SINEMA Remote Connect Client" }, { "branches": [ { "category": "product_version_range", "name": "All versions \u003c V2.0", "product": { "name": "SINEMA Remote Connect Server: All versions \u003c V2.0", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "SINEMA Remote Connect Server" } ], "category": "vendor", "name": "Siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14618", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.15.4 to and including 7.61.0 are vulnerable to a buffer overrun. The flaw is caused by an improper calculation of the required buffer size in the Curl_ntlm_core_mk_nt_hash function of libcurl.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2018-16890", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap buffer out-of-bounds read.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3822", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a stack-based buffer overflow.", "title": "Summary" }, { "category": "summary", "text": "The security vulnerability could be exploited by an attacker providing a malicious HTTP server.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-3823", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "summary", "text": "The libcurl library versions 7.34.0 to and including 7.63.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.", "title": "Summary" }, { "category": "summary", "text": "This vulnerability could allow an attacker to trigger a Denial-of-Service condition on the affected devices.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3823" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 HF1 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0001" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] }, { "cve": "CVE-2019-6570", "cwe": { "id": "CWE-280", "name": "Improper Handling of Insufficient Permissions or Privileges " }, "notes": [ { "category": "summary", "text": "Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization.", "title": "Summary" }, { "category": "summary", "text": "An attacker must have access to a low privileged account in order to exploit the vulnerability.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002" ] }, "references": [ { "category": "external", "summary": "https://support.industry.siemens.com/cs/de/en/view/109764829/", "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" } ], "remediations": [ { "category": "vendor_fix", "details": "Turn off NTLM authentication to mitigate CVE-2018-16890 and\nCVE-2019-3822", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Turn off SMTP to mitigate CVE-2019-3823", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] }, { "category": "vendor_fix", "details": "Update to V2.0 - Download: https://support.industry.siemens.com/cs/de/en/view/109764829/ ", "product_ids": [ "CSAFPID-0002" ], "url": "https://support.industry.siemens.com/cs/de/en/view/109764829/" }, { "category": "mitigation", "details": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-0001", "CSAFPID-0002" ] } ] } ] }
var-201904-0175
Vulnerability from variot
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. SINEMA Remote Connect Server Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens SINEMA has an unauthorized access vulnerability that an attacker can use to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform supports efficient and secure remote access to machines and equipment distributed around the world, as well as secure management of VPN tunnels between control centers, service engineers and installed equipment. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0175", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinema remote connect server", "scope": "lt", "trust": 1.8, "vendor": "siemens", "version": "2.0" }, { "model": "sinema remote connect server", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "1.2" }, { "model": "sinema remote connect server", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.2" }, { "model": "sinema remote connect server", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinema remote connect server", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "BID", "id": "107843" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-6570" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-466" } ], "trust": 0.6 }, "cve": "CVE-2019-6570", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 9.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2019-6570", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 9.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-10133", "impactScore": 9.5, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 9.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46", "impactScore": 9.5, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-158005", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6570", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-6570", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-10133", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-466", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-158005", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-6570", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULHUB", "id": "VHN-158005" }, { "db": "VULMON", "id": "CVE-2019-6570" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" }, { "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. SINEMA Remote Connect Server Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens SINEMA has an unauthorized access vulnerability that an attacker can use to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform supports efficient and secure remote access to machines and equipment distributed around the world, as well as secure management of VPN tunnels between control centers, service engineers and installed equipment. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2019-6570" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "BID", "id": "107843" }, { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "VULHUB", "id": "VHN-158005" }, { "db": "VULMON", "id": "CVE-2019-6570" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6570", "trust": 3.7 }, { "db": "SIEMENS", "id": "SSA-436177", "trust": 2.7 }, { "db": "ICS CERT", "id": "ICSA-19-099-04", "trust": 1.8 }, { "db": "BID", "id": "107843", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201904-466", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-10133", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003470", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1221", "trust": 0.6 }, { "db": "IVD", "id": "7372E208-26D9-4CFC-93CD-B8E76B594C46", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-158005", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6570", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULHUB", "id": "VHN-158005" }, { "db": "VULMON", "id": "CVE-2019-6570" }, { "db": "BID", "id": "107843" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" }, { "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "id": "VAR-201904-0175", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULHUB", "id": "VHN-158005" } ], "trust": 0.09 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" } ] }, "last_update_date": "2023-12-18T10:47:00.231000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-436177", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" }, { "title": "Siemens SINEMA Unauthorized Access Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/158809" }, { "title": "Haxx libcurl Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91294" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULMON", "id": "CVE-2019-6570" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-280", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.9 }, { "problemtype": "CWE-863", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158005" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6570" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6570" }, { "trust": 0.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/107843" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78786" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/280.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULHUB", "id": "VHN-158005" }, { "db": "VULMON", "id": "CVE-2019-6570" }, { "db": "BID", "id": "107843" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" }, { "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" }, { "db": "VULHUB", "id": "VHN-158005" }, { "db": "VULMON", "id": "CVE-2019-6570" }, { "db": "BID", "id": "107843" }, { "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "db": "NVD", "id": "CVE-2019-6570" }, { "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-17T00:00:00", "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "date": "2019-04-17T00:00:00", "db": "CNVD", "id": "CNVD-2019-10133" }, { "date": "2019-04-17T00:00:00", "db": "VULHUB", "id": "VHN-158005" }, { "date": "2019-04-17T00:00:00", "db": "VULMON", "id": "CVE-2019-6570" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107843" }, { "date": "2019-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "date": "2019-04-17T14:29:03.730000", "db": "NVD", "id": "CVE-2019-6570" }, { "date": "2019-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-04-17T00:00:00", "db": "CNVD", "id": "CNVD-2019-10133" }, { "date": "2020-10-06T00:00:00", "db": "VULHUB", "id": "VHN-158005" }, { "date": "2021-03-15T00:00:00", "db": "VULMON", "id": "CVE-2019-6570" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107843" }, { "date": "2019-07-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003470" }, { "date": "2021-03-15T18:15:16.457000", "db": "NVD", "id": "CVE-2019-6570" }, { "date": "2021-03-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-466" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-466" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SINEMA Unauthorized Access Vulnerability", "sources": [ { "db": "IVD", "id": "7372e208-26d9-4cfc-93cd-b8e76b594c46" }, { "db": "CNVD", "id": "CNVD-2019-10133" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-466" } ], "trust": 0.6 } }
gsd-2019-6570
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-6570", "description": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.", "id": "GSD-2019-6570" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-6570" ], "details": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.", "id": "GSD-2019-6570", "modified": "2023-12-13T01:23:49.760706Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6570", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SINEMA Remote Connect Server", "version": { "version_data": [ { "version_value": "All versions \u003c V2.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges " } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6570" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-280" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2021-03-15T18:15Z", "publishedDate": "2019-04-17T14:29Z" } } }
ghsa-qp82-v7w8-wfwq
Vulnerability from github
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.
{ "affected": [], "aliases": [ "CVE-2019-6570" ], "database_specific": { "cwe_ids": [ "CWE-280" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2019-04-17T14:29:00Z", "severity": "HIGH" }, "details": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability.", "id": "GHSA-qp82-v7w8-wfwq", "modified": "2022-05-13T01:11:25Z", "published": "2022-05-13T01:11:25Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6570" }, { "type": "WEB", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.