var-201504-0235
Vulnerability from variot
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi mobile panel 277",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 upd4"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi multi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi basic panels 1st generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panel",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "277"
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panel_277:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_basic_panels_generation_1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74040"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2823",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2823",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-02291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80784",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2823",
"trust": 3.9
},
{
"db": "BID",
"id": "74040",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02291",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126",
"trust": 0.8
},
{
"db": "IVD",
"id": "344280CB-0461-40FA-A3C6-537FF0CE4AFF",
"trust": 0.2
},
{
"db": "IVD",
"id": "9844DE6A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80784",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01E",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"id": "VAR-201504-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
}
],
"trust": 1.79651604125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
}
]
},
"last_update_date": "2023-12-18T12:07:29.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels verify patches for bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/57127"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2823"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74040"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2823"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2015-04-08T16:59:01.270000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-11-03T19:21:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2016-11-28T19:21:58.403000",
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC HMI Products and SIMATIC WinCC Vulnerabilities that complete authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.