VAR-201607-0463
Vulnerability from variot - Updated: 2023-12-18 13:19Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. SIMATIC NET is an open and diverse communication system from Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. Need to manually restart the recovery system. An attacker can exploit this issue to cause the affected application to restart, denying service to legitimate users. Siemens SIMATIC NET PC-Software is a set of software from Siemens, Germany, which supports PLC (programmable logic controller) and personal computer network communication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic net pc-software",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc software",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp2"
},
{
"model": "simatic net pc-software sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc-software:*:sp1:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko from Kaspersky Labs.",
"sources": [
{
"db": "BID",
"id": "92110"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5874",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-5874",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05347",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "5524f002-9108-4173-a9a0-5c2688ac020e",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-94694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-5874",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5874",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-05347",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94694",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. SIMATIC NET is an open and diverse communication system from Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. Need to manually restart the recovery system. \nAn attacker can exploit this issue to cause the affected application to restart, denying service to legitimate users. Siemens SIMATIC NET PC-Software is a set of software from Siemens, Germany, which supports PLC (programmable logic controller) and personal computer network communication",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "VULHUB",
"id": "VHN-94694"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5874",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-453276",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-208-02",
"trust": 2.2
},
{
"db": "BID",
"id": "92110",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05347",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081",
"trust": 0.8
},
{
"db": "IVD",
"id": "5524F002-9108-4173-A9A0-5C2688AC020E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94694",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"id": "VAR-201607-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
}
],
"trust": 1.6307692
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
}
]
},
"last_update_date": "2023-12-18T13:19:40.753000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-453276",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf"
},
{
"title": "Siemens SIMATIC NET PCSoftware denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/79539"
},
{
"title": "Siemens SIMATIC NET PC-Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63266"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-208-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92110"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5874"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5874"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"db": "VULHUB",
"id": "VHN-94694"
},
{
"db": "BID",
"id": "92110"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-94694"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92110"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"date": "2016-07-22T15:59:02.897000",
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05347"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94694"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92110"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004081"
},
{
"date": "2016-11-28T20:29:57.130000",
"db": "NVD",
"id": "CVE-2016-5874"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC NET PCSoftware Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNVD",
"id": "CNVD-2016-05347"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "5524f002-9108-4173-a9a0-5c2688ac020e"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-906"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…