VAR-201504-0235
Vulnerability from variot - Updated: 2023-12-18 12:07Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi mobile panel 277",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 upd4"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi multi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi basic panels 1st generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panel",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "277"
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74040"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2823",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2823",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80784",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2823",
"trust": 3.9
},
{
"db": "BID",
"id": "74040",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02291",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126",
"trust": 0.8
},
{
"db": "IVD",
"id": "344280CB-0461-40FA-A3C6-537FF0CE4AFF",
"trust": 0.2
},
{
"db": "IVD",
"id": "9844DE6A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80784",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01E",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"id": "VAR-201504-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
}
],
"trust": 1.79651604125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
}
]
},
"last_update_date": "2023-12-18T12:07:29.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels verify patches for bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57127"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2823"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74040"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2823"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2015-04-08T16:59:01.270000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-11-03T19:21:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2016-11-28T19:21:58.403000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC HMI Products and SIMATIC WinCC Vulnerabilities that complete authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…