var-201808-0743
Vulnerability from variot

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0743",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "13.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "13.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "11.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "14.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "10.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "14.0"
      },
      {
        "model": "simatic step 7 \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "12.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "10.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "11.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "12.0"
      },
      {
        "model": "simatic step 7",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "710"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "711"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "712"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "713"
      },
      {
        "model": "simatic step sp1 update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "714.*\u003c146"
      },
      {
        "model": "simatic step update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "715.*\u003c152"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "11"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "wincc sp1 update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "14.*\u003c146"
      },
      {
        "model": "wincc update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "15.*\u003c152"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "simatic step 7 tia portal",
        "version": "13.0"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v120"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v110"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v15"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v10"
      },
      {
        "model": "simatic step tia portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v14"
      },
      {
        "model": "simatic step tia portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v13"
      },
      {
        "model": "simatic step tia portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v12"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v15"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v11"
      },
      {
        "model": "simatic step",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "7v10"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic step 7 tia portal",
        "version": "10.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic step 7 tia portal",
        "version": "11.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic step 7 tia portal",
        "version": "12.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic step 7 tia portal",
        "version": "14.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic step 7 tia portal",
        "version": "15.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "10.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "11.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "12.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "13.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "14.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "simatic wincc tia portal",
        "version": "15.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Younes Dragoni from Nozomi Networks.",
    "sources": [
      {
        "db": "BID",
        "id": "105115"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-11453",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-11453",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2018-19601",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-121314",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-11453",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-11453",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-19601",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201808-241",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121314",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. \nA local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11453",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-979106",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "105115",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-226-01",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2FC57CF-39AB-11E9-B215-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "id": "VAR-201808-0743",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      }
    ],
    "trust": 1.6596514042857142
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:53.749000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-979106",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
      },
      {
        "title": "Patch for Siemens SIMATIC STEP 7 and WinCC Denial of Service Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/140877"
      },
      {
        "title": "Siemens SIMATIC STEP 7  and WinCC Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83960"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105115"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-226-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11453"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11453"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-21T00:00:00",
        "db": "IVD",
        "id": "e2fc57cf-39ab-11e9-b215-000c29342cb1"
      },
      {
        "date": "2018-09-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "date": "2018-08-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "BID",
        "id": "105115"
      },
      {
        "date": "2018-11-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "date": "2018-08-07T15:29:00.247000",
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "date": "2018-08-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-19601"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121314"
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "BID",
        "id": "105115"
      },
      {
        "date": "2019-01-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      },
      {
        "date": "2019-10-09T23:33:32.137000",
        "db": "NVD",
        "id": "CVE-2018-11453"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "105115"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SIMATIC STEP 7 and  WinCC Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009209"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201808-241"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.