var-201702-0669
Vulnerability from variot

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG.

There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0669",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic logon",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "simatic logon",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "1.5 sp3 update 2"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7.x"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "7"
      },
      {
        "model": "simatic pdm",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic it",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic logon",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "1.5"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.41"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.4"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.32"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.310"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.31"
      },
      {
        "model": "simatic wincc upd4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.3"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.3"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.29"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.28"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.21"
      },
      {
        "model": "simatic wincc upd4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.2"
      },
      {
        "model": "simatic wincc upd11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.2"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.2"
      },
      {
        "model": "simatic wincc sp3 upd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.08"
      },
      {
        "model": "simatic wincc sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.0"
      },
      {
        "model": "simatic wincc sp2 upd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.012"
      },
      {
        "model": "simatic wincc sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.0"
      },
      {
        "model": "simatic wincc sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.03"
      },
      {
        "model": "simatic wincc sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.02"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7.0"
      },
      {
        "model": "simatic pdm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78.2"
      },
      {
        "model": "simatic pcs sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78.1"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78.1"
      },
      {
        "model": "simatic pcs sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78.0"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78.0"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "78"
      },
      {
        "model": "simatic pcs sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "77.1"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "77.1"
      },
      {
        "model": "simatic pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "77"
      },
      {
        "model": "simatic logon",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic it",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic logon sp3 update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.52"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic logon",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "BID",
        "id": "96208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_logon:*:sp3_update_1:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "96208"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-2684",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-2684",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2017-01343",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-110887",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-2684",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2684",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-01343",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-612",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110887",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG. \n\nThere is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "BID",
        "id": "96208"
      },
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2684",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-931064",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "96208",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-045-03",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "9BC72032-E004-41AC-BCE6-0E6FF85B8945",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "db": "BID",
        "id": "96208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "id": "VAR-201702-0669",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      }
    ],
    "trust": 1.545470526
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:27.176000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-931064",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
      },
      {
        "title": "Patch for SIEMENS SIMATIC Logon Certification Bypass Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/176385"
      },
      {
        "title": "Multiple Siemens SIMATIC Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68203"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/96208"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-03"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2684"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2684"
      },
      {
        "trust": 0.6,
        "url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "db": "BID",
        "id": "96208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "db": "BID",
        "id": "96208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-14T00:00:00",
        "db": "IVD",
        "id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
      },
      {
        "date": "2017-02-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "date": "2017-02-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "date": "2017-02-14T00:00:00",
        "db": "BID",
        "id": "96208"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "date": "2017-02-22T02:59:00.153000",
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "date": "2017-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-01343"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110887"
      },
      {
        "date": "2017-03-07T04:02:00",
        "db": "BID",
        "id": "96208"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      },
      {
        "date": "2019-10-09T23:27:06.587000",
        "db": "NVD",
        "id": "CVE-2017-2684"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-002227"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-612"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.