var-201708-0476
Vulnerability from variot
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information.
The Siemens OPC UA protocol has an XML external entity vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "local discovery server",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "ua .net",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "local discovery server",
"scope": "lt",
"trust": 0.8,
"vendor": "opc",
"version": "1.03.367"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.8,
"vendor": "opc",
"version": "2017-03-21"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc-software",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c=7.1"
},
{
"model": "simatic wincc sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.4"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "local discovery server",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "plant connectivity",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "15.0"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "local discovery server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ua net",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ocpfoundation:ua_.net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017-03-21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ocpfoundation:local_discovery_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.333.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov of Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "100559"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12069",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24363",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102554",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12069",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12069",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102554",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information. \n\nThe Siemens OPC UA protocol has an XML external entity vulnerability. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12069",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-535640",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01",
"trust": 1.6
},
{
"db": "BID",
"id": "100559",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1039510",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019",
"trust": 0.8
},
{
"db": "IVD",
"id": "E3C681F4-90BE-4763-9EA0-9BF8B55433BB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-102554",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"id": "VAR-201708-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
}
],
"trust": 1.4807013
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
]
},
"last_update_date": "2023-12-18T13:24:20.856000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update for the OPC UA .NET Sample Code",
"trust": 0.8,
"url": "https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf"
},
{
"title": "SSA-535640",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"title": "Patch for Siemens OPC UA Protocol XML External Entity Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/176381"
},
{
"title": "Multiple Siemens product OPC Foundation UA .NET Sample Code and Local Discovery Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74833"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0561e5e7e515f186e8a5589cf02f38a8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"trust": 1.5,
"url": "https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100559"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1039510"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12069"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01b"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12069"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746038"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-243-01-0"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=500633095"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499356993"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-17-243-01-0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2017-08-31T00:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2017-08-30T19:29:00.210000",
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2018-10-12T04:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2017-10-06T01:29:00.443000",
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OPC UA protocol XML External entity vulnerability",
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.