var-201511-0184
Vulnerability from variot

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201511-0184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "lean"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "advanced"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "siemens",
        "version": "dnp3"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "advanced ( firmware  3.0.44  )"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.0.44   (advanced)"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic cp 443-1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "advanced"
      },
      {
        "model": "simatic tim 3v-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "dnp3"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "none"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "simatic tim 3v ie",
        "version": null
      },
      {
        "model": "simatic cp advanced devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1\u003c3.0.44"
      },
      {
        "model": "cp lean devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "cp devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "343-1"
      },
      {
        "model": "tim 3v-ie devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 3v-ie advanced devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 3v-ie dnp3 devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 4r-ie devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "tim 4r-ie dnp3 devices",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "cp devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "cp advanced devices",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "443-1"
      },
      {
        "model": "simatic cp 343-1",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.0"
      },
      {
        "model": "simatic tim 4r-ie",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic cp 443-1",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 443 1",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic tim 4r ie",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic cp 343 1",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_firmware:*:*:*:*:advanced:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_4r-ie_firmware:*:*:*:*:dnp3:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_tim_4r-ie:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:lean:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_firmware:*:*:*:*:advanced:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:advanced:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_tim_3v-ie_firmware:-:*:*:*:dnp3:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_tim_3v-ie:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lei ChengLin (Z-0ne) from Fengtai Technologies.",
    "sources": [
      {
        "db": "BID",
        "id": "78345"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8214",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.7,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-8214",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07864",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.7,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-86175",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-8214",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07864",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-434",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86175",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions \u003c V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions \u003c V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions \u003c V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs\u0027 configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8214",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-763427",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "78345",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034279",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-03",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-15-335-03A",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "6BF20E1E-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "id": "VAR-201511-0184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:55.509000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-763427",
        "trust": 0.8,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC Communicator Module Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67396"
      },
      {
        "title": "Multiple Siemens SIMATIC Product Privilege License and Access Control Vulnerability Fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=58866"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78345"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034279"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8214"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-335-03"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8214"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-15-335-03a"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "db": "BID",
        "id": "78345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-01T00:00:00",
        "db": "IVD",
        "id": "6bf20e1e-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "date": "2015-11-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "date": "2015-11-27T00:00:00",
        "db": "BID",
        "id": "78345"
      },
      {
        "date": "2015-12-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "date": "2015-11-27T15:59:00.133000",
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "date": "2015-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07864"
      },
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86175"
      },
      {
        "date": "2015-12-08T22:20:00",
        "db": "BID",
        "id": "78345"
      },
      {
        "date": "2015-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      },
      {
        "date": "2021-04-22T21:15:08.047000",
        "db": "NVD",
        "id": "CVE-2015-8214"
      },
      {
        "date": "2021-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC Vulnerabilities that allow multiple devices to gain administrative access",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006055"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-434"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.