VAR-201809-0289
Vulnerability from variot - Updated: 2023-12-18 13:43A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA Contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OAV 3.14 and earlier, allowing unauthenticated remote users to upgrade their rights in the context of SIMATIC WinCC OAV 3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. An attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system of Siemens (Siemens) in Germany, and it is also an integral part of the HMI series. The system is mainly applicable to industries such as rail transit, building automation and public power supply
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc open architecture",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.14"
},
{
"model": "wincc oa",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "\u003c=v3.14"
},
{
"model": "simatic wincc oa",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "3.14-p021"
},
{
"model": "simatic wincc open architecture",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.14"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.8"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.14"
},
{
"model": "simatic wincc oa p002",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "simatic wincc oa",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "simatic wincc oa 3.14-p021",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "BID",
"id": "105332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13799"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105332"
}
],
"trust": 0.3
},
"cve": "CVE-2018-13799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13799",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18613",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-123894",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-13799",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-13799",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-18613",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-573",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-123894",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "VULHUB",
"id": "VHN-123894"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions \u003c V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA Contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OAV 3.14 and earlier, allowing unauthenticated remote users to upgrade their rights in the context of SIMATIC WinCC OAV 3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. \nAn attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system of Siemens (Siemens) in Germany, and it is also an integral part of the HMI series. The system is mainly applicable to industries such as rail transit, building automation and public power supply",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "BID",
"id": "105332"
},
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-123894"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13799",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-346256",
"trust": 2.3
},
{
"db": "BID",
"id": "105332",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-254-04",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-18613",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2FA34F0-39AB-11E9-96C7-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98899",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-123894",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "VULHUB",
"id": "VHN-123894"
},
{
"db": "BID",
"id": "105332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"id": "VAR-201809-0289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "VULHUB",
"id": "VHN-123894"
}
],
"trust": 1.5731301
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
}
]
},
"last_update_date": "2023-12-18T13:43:34.166000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-346256",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
},
{
"title": "Patch for SIMATIC WinCCOA privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/140015"
},
{
"title": "Siemens SIMATIC WinCC OA Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84840"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123894"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105332"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-04"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13799"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13799"
},
{
"trust": 0.6,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-346256.txt"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "VULHUB",
"id": "VHN-123894"
},
{
"db": "BID",
"id": "105332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"db": "VULHUB",
"id": "VHN-123894"
},
{
"db": "BID",
"id": "105332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-13T00:00:00",
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"date": "2018-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-123894"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105332"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"date": "2018-09-12T13:29:00.907000",
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"date": "2018-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18613"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-123894"
},
{
"date": "2018-09-11T00:00:00",
"db": "BID",
"id": "105332"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011290"
},
{
"date": "2019-10-09T23:34:31.967000",
"db": "NVD",
"id": "CVE-2018-13799"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC WinCC OA Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-573"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…