var-201809-0289
Vulnerability from variot

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA Contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OAV 3.14 and earlier, allowing unauthenticated remote users to upgrade their rights in the context of SIMATIC WinCC OAV 3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. An attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system of Siemens (Siemens) in Germany, and it is also an integral part of the HMI series. The system is mainly applicable to industries such as rail transit, building automation and public power supply

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0289",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic wincc open architecture",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.14"
      },
      {
        "model": "wincc oa",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "\u003c=v3.14"
      },
      {
        "model": "simatic wincc oa",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.14-p021"
      },
      {
        "model": "simatic wincc open architecture",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "3.14"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.14"
      },
      {
        "model": "simatic wincc oa p002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "simatic wincc oa 3.14-p021",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "BID",
        "id": "105332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:siemens:simatic_wincc_open_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "105332"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-13799",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.4,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-13799",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-18613",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-123894",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-13799",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13799",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-18613",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-573",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123894",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions \u003c V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA Contains an access control vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OAV 3.14 and earlier, allowing unauthenticated remote users to upgrade their rights in the context of SIMATIC WinCC OAV 3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. \nAn attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system of Siemens (Siemens) in Germany, and it is also an integral part of the HMI series. The system is mainly applicable to industries such as rail transit, building automation and public power supply",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "BID",
        "id": "105332"
      },
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13799",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-346256",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "105332",
        "trust": 2.0
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-254-04",
        "trust": 1.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2FA34F0-39AB-11E9-96C7-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98899",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "db": "BID",
        "id": "105332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "id": "VAR-201809-0289",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      }
    ],
    "trust": 1.5731301
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:43:34.166000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-346256",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
      },
      {
        "title": "Patch for SIMATIC WinCCOA privilege escalation vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/140015"
      },
      {
        "title": "Siemens SIMATIC WinCC OA Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84840"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105332"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-254-04"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13799"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13799"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-346256.txt"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "db": "BID",
        "id": "105332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "db": "BID",
        "id": "105332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-13T00:00:00",
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "date": "2018-09-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "date": "2018-09-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105332"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "date": "2018-09-12T13:29:00.907000",
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "date": "2018-09-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-18613"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123894"
      },
      {
        "date": "2018-09-11T00:00:00",
        "db": "BID",
        "id": "105332"
      },
      {
        "date": "2019-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      },
      {
        "date": "2019-10-09T23:34:31.967000",
        "db": "NVD",
        "id": "CVE-2018-13799"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SIMATIC WinCC OA Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-011290"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access control error",
    "sources": [
      {
        "db": "IVD",
        "id": "e2fa34f0-39ab-11e9-96c7-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-573"
      }
    ],
    "trust": 0.8
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.