var-201808-0744
Vulnerability from variot
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0744",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "15.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "11.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "10.0"
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "simatic step 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "710"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "711"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "712"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "713"
},
{
"model": "simatic step sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "714.*\u003c146"
},
{
"model": "simatic step update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "715.*\u003c152"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "10"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "11"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "12"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "wincc sp1 update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.*\u003c146"
},
{
"model": "wincc update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "15.*\u003c152"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic step 7 tia portal",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v120"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v110"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v15"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v10"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v15"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v11"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v10"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "15.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "15.0"
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):13.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11454"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Younes Dragoni from Nozomi Networks.",
"sources": [
{
"db": "BID",
"id": "105115"
}
],
"trust": 0.3
},
"cve": "CVE-2018-11454",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-11454",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-19602",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-121315",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-11454",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11454",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-19602",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-240",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121315",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions \u003c V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions \u003c V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. \nA local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121315"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11454",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-979106",
"trust": 2.3
},
{
"db": "BID",
"id": "105115",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-226-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-19602",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FC30C0-39AB-11E9-8AE0-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121315",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"id": "VAR-201808-0744",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
}
],
"trust": 1.6596514042857142
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
}
]
},
"last_update_date": "2023-12-18T12:43:53.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-979106",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"title": "Patch for Siemens SIMATIC STEP 7 and WinCC Rights Management Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/140875"
},
{
"title": "Siemens SIMATIC STEP 7 and WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83959"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105115"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-226-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11454"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11454"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"db": "VULHUB",
"id": "VHN-121315"
},
{
"db": "BID",
"id": "105115"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "IVD",
"id": "e2fc30c0-39ab-11e9-8ae0-000c29342cb1"
},
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"date": "2018-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-121315"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2018-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"date": "2018-08-07T15:29:00.373000",
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"date": "2018-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19602"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-121315"
},
{
"date": "2018-08-14T00:00:00",
"db": "BID",
"id": "105115"
},
{
"date": "2019-01-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009208"
},
{
"date": "2019-10-09T23:33:32.290000",
"db": "NVD",
"id": "CVE-2018-11454"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105115"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-240"
}
],
"trust": 0.6
}
}
Loading...