Search criteria
104 vulnerabilities found for SIMATIC WinCC by Siemens
VAR-201705-3973
Vulnerability from variot - Updated: 2025-04-20 23:37A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. SIMATIC WinCC (TIA Portal), SIMATIC STEP 7, SMART PC Access, SIMATIC Automation Tool, etc. are all industrial automation products from Siemens AG. A number of Siemens industrial products have a denial of service vulnerability. Attackers can exploit this issue to crash the affected device, denying service to legitimate users. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3973",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart pc access",
"scope": "eq",
"trust": 2.5,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic wincc",
"scope": null,
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "sinumerik 808d programming tool",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinaut st7cc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible 2008",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7 micro\\/win smart",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic automation tool",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinaut st7cc",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 808d programming tool",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "pcs 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7 \\",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic automation tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "primary setup tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "security configuration tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v5.x"
},
{
"model": "simatic step 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx 2010",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx f 2010",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible 2008",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "sinema server",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "smart pc access",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "step 7 - micro/win smart",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "75.x"
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx f sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "security configuration tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic wincc professional sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "simatic step sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003cv13"
},
{
"model": "simatic step sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003cv14"
},
{
"model": "step micro win smart",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7-/"
},
{
"model": "simatic net pc-software",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinumerik 808d programming tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinema server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0-"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "sinaut st7cc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp3 up7",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic winac rtx f sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic step tia portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step sp4 hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3 hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2 hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1 hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic automation tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0.2"
},
{
"model": "simatic automation tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "micro/win",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic step tia portal sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "714"
},
{
"model": "simatic step tia portal sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "713"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcs 7",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primary setup tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security configuration tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic automation tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 micro win smart",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "14.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc flexible 2008",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinaut st7cc",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema server",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinumerik 808d programming tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart pc access",
"version": "2.0"
}
],
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "BID",
"id": "98366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:primary_setup_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:security_configuration_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_automation_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_f_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_flexible_2008",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinaut_st7cc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinema_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinumerik_808d_programming_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:smart_pc_access",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7_micro%2fwin_smart",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.",
"sources": [
{
"db": "BID",
"id": "98366"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6865",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-6865",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-06152",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-115068",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6865",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6865",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6865",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06152",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-632",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115068",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "VULHUB",
"id": "VHN-115068"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC Automation Tool (All versions \u003c V3.0), SIMATIC NET PC-Software (All versions \u003c V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC STEP 7 V5.X (All versions \u003c V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Update 15), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions \u003c flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC \u003c V7.3 Update 15), SINEMA Server (All versions \u003c V14), SINUMERIK 808D Programming Tool (All versions \u003c V4.7 SP4 HF2), SMART PC Access (All versions \u003c V2.3), STEP 7 - Micro/WIN SMART (All versions \u003c V2.3), Security Configuration Tool (SCT) (All versions \u003c V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover. SIMATIC WinCC (TIA Portal), SIMATIC STEP 7, SMART PC Access, SIMATIC Automation Tool, etc. are all industrial automation products from Siemens AG. A number of Siemens industrial products have a denial of service vulnerability. \nAttackers can exploit this issue to crash the affected device, denying service to legitimate users. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6865"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "BID",
"id": "98366"
},
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "VULHUB",
"id": "VHN-115068"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6865",
"trust": 3.6
},
{
"db": "BID",
"id": "98366",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-275839",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-129-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06152",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136",
"trust": 0.8
},
{
"db": "IVD",
"id": "1B7B75AD-C1F6-4E73-BE28-FF3E458E7677",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115068",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "VULHUB",
"id": "VHN-115068"
},
{
"db": "BID",
"id": "98366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"id": "VAR-201705-3973",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "VULHUB",
"id": "VHN-115068"
}
],
"trust": 1.6053430508000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
}
]
},
"last_update_date": "2025-04-20T23:37:55.656000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-275839",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-275839.pdf"
},
{
"title": "There are patches for denial of service vulnerabilities in many Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93344"
},
{
"title": "Multiple Siemens Fixes for product input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90621"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115068"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/98366"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6865"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6865"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "VULHUB",
"id": "VHN-115068"
},
{
"db": "BID",
"id": "98366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"db": "VULHUB",
"id": "VHN-115068"
},
{
"db": "BID",
"id": "98366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-115068"
},
{
"date": "2017-05-09T00:00:00",
"db": "BID",
"id": "98366"
},
{
"date": "2017-06-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"date": "2017-05-11T10:29:00.227000",
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06152"
},
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-115068"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98366"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004136"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-632"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6865"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "1b7b75ad-c1f6-4e73-be28-ff3e458e7677"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-632"
}
],
"trust": 0.8
}
}
VAR-201711-1076
Vulnerability from variot - Updated: 2025-04-20 23:27An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. SIMATIC PCS 7 is a set of distributed process control systems using WinCC from Siemens AG, Germany. Siemens SIMATIC PCS 7 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "8.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7v8.1\u003cv8.1"
},
{
"model": "simatic pcs upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7v7.313"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7v8.2"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.313"
},
{
"model": "simatic pcs7 sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic pcs siemens simatic pcs upd 13siemens simatic pcs",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "7v8.17v7.37v8.2"
}
],
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko of Kaspersky Labs.",
"sources": [
{
"db": "BID",
"id": "101680"
}
],
"trust": 0.3
},
"cve": "CVE-2017-14023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-14023",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-32563",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-104704",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2017-14023",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14023",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-14023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-14023",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-32563",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1252",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-104704",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "VULHUB",
"id": "VHN-104704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. SIMATIC PCS 7 is a set of distributed process control systems using WinCC from Siemens AG, Germany. Siemens SIMATIC PCS 7 is prone to a denial-of-service vulnerability. \nRemote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14023"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "VULHUB",
"id": "VHN-104704"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14023",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-306-01",
"trust": 3.4
},
{
"db": "BID",
"id": "101680",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039729",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-32563",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948",
"trust": 0.8
},
{
"db": "IVD",
"id": "0FE3415C-AF39-4C5B-A5D8-06FF8B01DB12",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-104704",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "VULHUB",
"id": "VHN-104704"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"id": "VAR-201711-1076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "VULHUB",
"id": "VHN-104704"
}
],
"trust": 1.5482599333333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
}
]
},
"last_update_date": "2025-04-20T23:27:24.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-523365",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365.pdf"
},
{
"title": "Siemens SIMATIC PCS 7 patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105313"
},
{
"title": "Siemens SIMATIC PCS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-104704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-306-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101680"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039729"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14023"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14023"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "VULHUB",
"id": "VHN-104704"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"db": "VULHUB",
"id": "VHN-104704"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-03T00:00:00",
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"date": "2017-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"date": "2017-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-104704"
},
{
"date": "2017-11-02T00:00:00",
"db": "BID",
"id": "101680"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"date": "2017-11-06T22:29:00.270000",
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32563"
},
{
"date": "2021-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-104704"
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "101680"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009948"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1252"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-14023"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "CNVD",
"id": "CNVD-2017-32563"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "0fe3415c-af39-4c5b-a5d8-06ff8b01db12"
},
{
"db": "BID",
"id": "101680"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1252"
}
],
"trust": 1.1
}
}
VAR-201705-3974
Vulnerability from variot - Updated: 2025-04-20 23:27A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a monitoring and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is the control and monitoring of the operator's visual runtime platform machines and equipment. Multiple SIMATIC WinCC Products are prone to a denial-of-service vulnerability. The following products are vulnerable: SIMATIC WinCC 7.3 versions prior to 7.3 Update 11 SIMATIC WinCC 7.4 versions prior to 7.4 SP1 SIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2 SIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1 SIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2 SIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3974",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "14 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 update 11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.4 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "14 sp1"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp2"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc upd",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.311"
},
{
"model": "simatic wincc sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.4"
},
{
"model": "simatic wincc runtime professional sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "simatic wincc professional sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc professional sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc professional sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.311"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime",
"version": "13"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime",
"version": "14"
}
],
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "BID",
"id": "98368"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team",
"sources": [
{
"db": "BID",
"id": "98368"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-6867",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06154",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-115070",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2017-6867",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6867",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-06154",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-630",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-115070",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "VULHUB",
"id": "VHN-115070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the \"administrators\" group to crash services by sending specially crafted messages to the DCOM interface. Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a monitoring and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is the control and monitoring of the operator\u0027s visual runtime platform machines and equipment. Multiple SIMATIC WinCC Products are prone to a denial-of-service vulnerability. \nThe following products are vulnerable:\nSIMATIC WinCC 7.3 versions prior to 7.3 Update 11\nSIMATIC WinCC 7.4 versions prior to 7.4 SP1\nSIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2\nSIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1\nSIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2\nSIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6867"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "BID",
"id": "98368"
},
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "VULHUB",
"id": "VHN-115070"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6867",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-156872",
"trust": 2.3
},
{
"db": "BID",
"id": "98368",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-523365",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06154",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-306-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-129-03",
"trust": 0.3
},
{
"db": "IVD",
"id": "81C5D14F-8537-4B60-AA16-B99AEC0C6E39",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-115070",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "VULHUB",
"id": "VHN-115070"
},
{
"db": "BID",
"id": "98368"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"id": "VAR-201705-3974",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "VULHUB",
"id": "VHN-115070"
}
],
"trust": 1.576931954
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
}
]
},
"last_update_date": "2025-04-20T23:27:24.229000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-156872",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176383"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115070"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98368"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6867"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-306-01"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6867"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "VULHUB",
"id": "VHN-115070"
},
{
"db": "BID",
"id": "98368"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"db": "VULHUB",
"id": "VHN-115070"
},
{
"db": "BID",
"id": "98368"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-115070"
},
{
"date": "2017-05-09T00:00:00",
"db": "BID",
"id": "98368"
},
{
"date": "2017-06-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"date": "2017-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"date": "2017-05-11T10:29:00.260000",
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06154"
},
{
"date": "2018-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-115070"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98368"
},
{
"date": "2018-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-004058"
},
{
"date": "2017-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-630"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6867"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens SIMATIC Vulnerability that can crash services in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-004058"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "81c5d14f-8537-4b60-aa16-b99aec0c6e39"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-630"
}
],
"trust": 0.8
}
}
VAR-201702-0669
Vulnerability from variot - Updated: 2025-04-20 23:22Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG.
There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0669",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic logon",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "simatic logon",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "1.5 sp3 update 2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic pdm",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic it",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.29"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.28"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.21"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc upd11",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc sp3 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.03"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.02"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pdm",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.2"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic it",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic logon sp3 update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic logon",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "BID",
"id": "96208"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_logon",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "96208"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-2684",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01343",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-110887",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-2684",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-2684",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-2684",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-01343",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-612",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110887",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "VULHUB",
"id": "VHN-110887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG. \n\nThere is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2684"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "BID",
"id": "96208"
},
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "VULHUB",
"id": "VHN-110887"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2684",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-931064",
"trust": 2.3
},
{
"db": "BID",
"id": "96208",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-045-03",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01343",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227",
"trust": 0.8
},
{
"db": "IVD",
"id": "9BC72032-E004-41AC-BCE6-0E6FF85B8945",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-110887",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "VULHUB",
"id": "VHN-110887"
},
{
"db": "BID",
"id": "96208"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"id": "VAR-201702-0669",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "VULHUB",
"id": "VHN-110887"
}
],
"trust": 1.555180057
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
}
]
},
"last_update_date": "2025-04-20T23:22:30.503000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-931064",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
},
{
"title": "Patch for SIEMENS SIMATIC Logon Certification Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176385"
},
{
"title": "Multiple Siemens SIMATIC Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68203"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-592",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110887"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/96208"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2684"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2684"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/en/cert-security-advisories.htm"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "VULHUB",
"id": "VHN-110887"
},
{
"db": "BID",
"id": "96208"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"db": "VULHUB",
"id": "VHN-110887"
},
{
"db": "BID",
"id": "96208"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-14T00:00:00",
"db": "IVD",
"id": "9bc72032-e004-41ac-bce6-0e6ff85b8945"
},
{
"date": "2017-02-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"date": "2017-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-110887"
},
{
"date": "2017-02-14T00:00:00",
"db": "BID",
"id": "96208"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"date": "2017-02-22T02:59:00.153000",
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01343"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-110887"
},
{
"date": "2017-03-07T04:02:00",
"db": "BID",
"id": "96208"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002227"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-612"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-2684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002227"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-612"
}
],
"trust": 0.6
}
}
VAR-201708-0476
Vulnerability from variot - Updated: 2025-04-20 23:19An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information.
The Siemens OPC UA protocol has an XML external entity vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "local discovery server",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "ua .net",
"scope": "lte",
"trust": 1.0,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "local discovery server",
"scope": "lt",
"trust": 0.8,
"vendor": "opc",
"version": "1.03.367"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.8,
"vendor": "opc",
"version": "2017-03-21"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic net pc-software",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c=7.1"
},
{
"model": "simatic wincc sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.4"
},
{
"model": "simatic wincc runtime professional",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14"
},
{
"model": "local discovery server",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "1.01.333.0"
},
{
"model": "ua .net",
"scope": "eq",
"trust": 0.6,
"vendor": "ocpfoundation",
"version": "2017-03-21"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "plant connectivity",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "15.0"
},
{
"model": "simatic wincc runtime professional sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "local discovery server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ua net",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:opcfoundation:local_discovery_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:opcfoundation:ua_.net",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_it_production_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov of Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "100559"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12069",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-24363",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"impactScore": 7.8,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102554",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12069",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12069",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12069",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102554",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions \u003c V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions \u003c V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information. \n\nThe Siemens OPC UA protocol has an XML external entity vulnerability. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12069",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-535640",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01",
"trust": 1.6
},
{
"db": "BID",
"id": "100559",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1039510",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-24363",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-243-01B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019",
"trust": 0.8
},
{
"db": "IVD",
"id": "E3C681F4-90BE-4763-9EA0-9BF8B55433BB",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-102554",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12069",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"id": "VAR-201708-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
}
],
"trust": 1.5183507387500002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
]
},
"last_update_date": "2025-04-20T23:19:53.017000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update for the OPC UA .NET Sample Code",
"trust": 0.8,
"url": "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf"
},
{
"title": "SSA-535640",
"trust": 0.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"title": "Patch for Siemens OPC UA Protocol XML External Entity Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/176381"
},
{
"title": "Multiple Siemens product OPC Foundation UA .NET Sample Code and Local Discovery Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74833"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=0561e5e7e515f186e8a5589cf02f38a8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf"
},
{
"trust": 1.5,
"url": "https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100559"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1039510"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12069"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-243-01b"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12069"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746038"
},
{
"trust": 0.6,
"url": "https://support.industry.siemens.com/cs/ww/en/view/109746276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-243-01-0"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=500633095"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499356993"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-17-243-01-0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"db": "VULHUB",
"id": "VHN-102554"
},
{
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"db": "BID",
"id": "100559"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-02T00:00:00",
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"date": "2017-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2017-08-31T00:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"date": "2017-08-30T19:29:00.210000",
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-24363"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-102554"
},
{
"date": "2017-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12069"
},
{
"date": "2018-10-12T04:00:00",
"db": "BID",
"id": "100559"
},
{
"date": "2017-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008019"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1273"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens OPC UA protocol XML External entity vulnerability",
"sources": [
{
"db": "IVD",
"id": "e3c681f4-90be-4763-9ea0-9bf8b55433bb"
},
{
"db": "CNVD",
"id": "CNVD-2017-24363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1273"
}
],
"trust": 0.6
}
}
VAR-201611-0180
Vulnerability from variot - Updated: 2025-04-13 23:31A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files*" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simit",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "9.0"
},
{
"model": "softnet security client",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic wincc runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.2"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol basic",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "sinema server",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "softnet security client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic net pc software",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7 \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic step 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.2"
},
{
"model": "security configuration tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "professional"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.2 until"
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 to 7.4"
},
{
"model": "sinema remote connect client",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 upd 8"
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "5.x"
},
{
"model": "primary setup tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc tia portal",
"version": "*"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "75.x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.3x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.4x"
},
{
"model": "sinema server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2x"
},
{
"model": "simatic wincc sp2 sp2 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.012"
},
{
"model": "simatic wincc sp3 sp3 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.08"
},
{
"model": "simatic net pc-software",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c14"
},
{
"model": "simatic wincc basic",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc comfort",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect client all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx f sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol server basic sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "softnet security client all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.0"
},
{
"model": "security configuration tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "telecontrol basic",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "telecontrol server basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0-"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc comfort",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.29"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.28"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.21"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc upd11",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic winac rtx f sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic step tia portal sp1 upd1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step sp4 hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3 hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2 hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1 hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "telecontrol server basic sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc comfort",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc basic",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp3 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp2 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic step tia portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic net pc-software",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primary setup tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security configuration tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic it production suite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simit",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema remote connect",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "softnet security client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telecontrol basic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:primary_setup_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:security_configuration_tool",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_it_production_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_step_7_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_winac_rtx_f_2010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinema_remote_connect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:sinema_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:softnet_security_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:telecontrol_basic",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WATERSURE and KIANDRA IT",
"sources": [
{
"db": "BID",
"id": "94158"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7165",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2016-7165",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "CNVD-2016-10732",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-95985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2016-7165",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7165",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-7165",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95985",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC IT Production Suite (All versions \u003c V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions \u003c V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions \u003c V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions \u003c V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions \u003c V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions \u003c V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1), SIMIT V9.0 (All versions \u003c V9.0 SP1), SINEMA Remote Connect Client (All versions \u003c V1.0 SP3), SINEMA Server (All versions \u003c V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions \u003c V4.3 HF1), TeleControl Server Basic (All versions \u003c V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7165",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-313-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-701708",
"trust": 1.7
},
{
"db": "BID",
"id": "94158",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899",
"trust": 0.8
},
{
"db": "IVD",
"id": "B4D8EF0B-EEF6-4E09-9B80-86C9B1224D88",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95985",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"id": "VAR-201611-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 1.6015931965384613
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
}
]
},
"last_update_date": "2025-04-13T23:31:24.311000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-701708",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"title": "Patch for a number of Siemens products with privilege escalation vulnerability (CNVD-2016-10732)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/83616"
},
{
"title": "Multiple Siemens Product non-reference Windows Search path vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65670"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-313-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94158"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
},
{
"trust": 1.1,
"url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7165"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7165"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-16-313-02"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2016-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"date": "2016-11-15T19:30:02.797000",
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94158"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerability gained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.8
}
}
VAR-201612-0420
Vulnerability from variot - Updated: 2025-04-13 23:25A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components. Attackers can exploit this issue to obtain sensitive information or cause denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 sp1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c8.0"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc sp3 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2 upd",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.03"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.02"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic wincc",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "78.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mingzheng Li from Acorn Network Security Lab",
"sources": [
{
"db": "BID",
"id": "94825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-9160",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-97980",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-9160",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-9160",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-12696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97980",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in SIEMENS SIMATIC WinCC (All versions \u003c SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions \u003c SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components. \nAttackers can exploit this issue to obtain sensitive information or cause denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9160"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "VULHUB",
"id": "VHN-97980"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9160",
"trust": 3.6
},
{
"db": "BID",
"id": "94825",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-348-04",
"trust": 2.2
},
{
"db": "SIEMENS",
"id": "SSA-693129",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037435",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-12696",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500",
"trust": 0.8
},
{
"db": "IVD",
"id": "F04157CB-EDF5-490C-9E17-39C08EA58FA8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-97980",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"id": "VAR-201612-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
}
],
"trust": 1.5269656166666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
}
]
},
"last_update_date": "2025-04-13T23:25:03.644000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-693129",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf"
},
{
"title": "Patch for security bypass bugs in SIMATIC WinCC and SIMATIC PCS 7 ActiveX controls",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86164"
},
{
"title": "SIMATIC WinCC and SIMATIC PCS 7 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
},
{
"problemtype": "CWE-111",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94825"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-348-04"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037435"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9160"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9160"
},
{
"trust": 0.3,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"db": "VULHUB",
"id": "VHN-97980"
},
{
"db": "BID",
"id": "94825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-21T00:00:00",
"db": "IVD",
"id": "f04157cb-edf5-490c-9e17-39c08ea58fa8"
},
{
"date": "2016-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"date": "2016-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-97980"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94825"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"date": "2016-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"date": "2016-12-17T03:59:00.263000",
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12696"
},
{
"date": "2017-07-27T00:00:00",
"db": "VULHUB",
"id": "VHN-97980"
},
{
"date": "2016-12-20T01:09:00",
"db": "BID",
"id": "94825"
},
{
"date": "2017-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006500"
},
{
"date": "2016-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-334"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-9160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIEMENS SIMATIC WinCC and SIEMENS SIMATIC PCS 7 In ActiveX Vulnerability that can crash components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006500"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-334"
}
],
"trust": 0.6
}
}
VAR-201607-0466
Vulnerability from variot - Updated: 2025-04-13 23:17Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. The SIMATIC WinCC (Windows Control Center) window control center is Siemens' process monitoring system, providing complete monitoring and data acquisition (SCADA) functions for the industrial sector. The SIMATIC WinCC presence file contains a vulnerability. Successful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). A security vulnerability exists in Siemens SIMATIC WinCC versions 7.0 to SP3 and 7.2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0466",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 2.5,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 for up to 7.0"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "BID",
"id": "92116"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defence\nTeam, Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "92116"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5744",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5744",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05345",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94563",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5744",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5744",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5744",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-05345",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-905",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94563",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "VULHUB",
"id": "VHN-94563"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. The SIMATIC WinCC (Windows Control Center) window control center is Siemens\u0027 process monitoring system, providing complete monitoring and data acquisition (SCADA) functions for the industrial sector. The SIMATIC WinCC presence file contains a vulnerability. \nSuccessful exploits may allow an attacker to read arbitrary files in the context of the user running the affected application. This may aid in further attacks. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). A security vulnerability exists in Siemens SIMATIC WinCC versions 7.0 to SP3 and 7.2",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5744"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "BID",
"id": "92116"
},
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "VULHUB",
"id": "VHN-94563"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5744",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-378531",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-208-01",
"trust": 2.2
},
{
"db": "BID",
"id": "92116",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036441",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05345",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096",
"trust": 0.8
},
{
"db": "IVD",
"id": "C953B84A-1100-47F7-A149-3E8BDFF937C4",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94563",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "VULHUB",
"id": "VHN-94563"
},
{
"db": "BID",
"id": "92116"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"id": "VAR-201607-0466",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "VULHUB",
"id": "VHN-94563"
}
],
"trust": 1.5582639500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
}
]
},
"last_update_date": "2025-04-13T23:17:53.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-378531",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"
},
{
"title": "The SIMATIC WinCC presence file contains a patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79587"
},
{
"title": "Siemens SIMATIC WinCC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63265"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94563"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-208-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92116"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036441"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5744"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5744"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "VULHUB",
"id": "VHN-94563"
},
{
"db": "BID",
"id": "92116"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"db": "VULHUB",
"id": "VHN-94563"
},
{
"db": "BID",
"id": "92116"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "IVD",
"id": "c953b84a-1100-47f7-a149-3e8bdff937c4"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-94563"
},
{
"date": "2016-07-25T00:00:00",
"db": "BID",
"id": "92116"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"date": "2016-07-22T15:59:01.397000",
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05345"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94563"
},
{
"date": "2016-07-25T00:00:00",
"db": "BID",
"id": "92116"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004096"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-905"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC In any WinCC Vulnerability in reading station files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-905"
}
],
"trust": 0.6
}
}
VAR-201607-0465
Vulnerability from variot - Updated: 2025-04-13 23:17Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. The SIMATIC WinCC (Windows Control Center) window control center is Siemens' process monitoring system, providing complete monitoring and data acquisition (SCADA) functions for the industrial sector; the PCS 7 system is a seamlessly integrated automation solution for all industrial applications. field. A remote code execution vulnerability exists in SIMATIC WinCC/PCS 7/WinCC Runtime Professional. Multiple Siemens Products are prone to a remote code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens SIMATIC WinCC, etc. are all industrial automation products of Siemens (Siemens) in Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0465",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic batch",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic openpcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.2"
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic openpcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.2"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.03"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.4 update 1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c=7.1"
},
{
"model": "simatic wincc runtime professional sp update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1319"
},
{
"model": "simatic wincc sp",
"scope": "lte",
"trust": 0.6,
"vendor": "siemens",
"version": "\u003c=7.02"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.3x\u003c7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.4x\u003c7.41"
},
{
"model": "simatic openpcs 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic batch",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic openpcs 7",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic openpcs 7",
"version": "*"
},
{
"model": "simatic wincc runtime professional sp1 upd2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.29"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.28"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.21"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc upd11",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc sp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.02"
},
{
"model": "simatic pcs sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic wincc runtime professional sp update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1319"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc update",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic batch",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "BID",
"id": "92112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_batch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_openpcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_runtime_professional",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defence\nTeam, Kaspersky Lab.",
"sources": [
{
"db": "BID",
"id": "92112"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5743",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05346",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "649ab73e-2968-450b-b5d3-31e462571302",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94562",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5743",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5743",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5743",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05346",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-904",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94562",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "VULHUB",
"id": "VHN-94562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. The SIMATIC WinCC (Windows Control Center) window control center is Siemens\u0027 process monitoring system, providing complete monitoring and data acquisition (SCADA) functions for the industrial sector; the PCS 7 system is a seamlessly integrated automation solution for all industrial applications. field. A remote code execution vulnerability exists in SIMATIC WinCC/PCS 7/WinCC Runtime Professional. Multiple Siemens Products are prone to a remote code-execution vulnerability. \nAn attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens SIMATIC WinCC, etc. are all industrial automation products of Siemens (Siemens) in Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5743"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "BID",
"id": "92112"
},
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "VULHUB",
"id": "VHN-94562"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5743",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-378531",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-208-01",
"trust": 2.2
},
{
"db": "BID",
"id": "92112",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036441",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05346",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095",
"trust": 0.8
},
{
"db": "IVD",
"id": "649AB73E-2968-450B-B5D3-31E462571302",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94562",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "VULHUB",
"id": "VHN-94562"
},
{
"db": "BID",
"id": "92112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"id": "VAR-201607-0465",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "VULHUB",
"id": "VHN-94562"
}
],
"trust": 1.5901556066666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
}
]
},
"last_update_date": "2025-04-13T23:17:53.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-378531",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"
},
{
"title": "Patch for remote code execution vulnerability in SIMATIC WinCC/PCS 7/WinCCRuntime Professional",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79586"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63264"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-208-01"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92112"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036441"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5743"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5743"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "VULHUB",
"id": "VHN-94562"
},
{
"db": "BID",
"id": "92112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"db": "VULHUB",
"id": "VHN-94562"
},
{
"db": "BID",
"id": "92112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"date": "2016-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-94562"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92112"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"date": "2016-07-22T15:59:00.147000",
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05346"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94562"
},
{
"date": "2016-07-22T00:00:00",
"db": "BID",
"id": "92112"
},
{
"date": "2016-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004095"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-904"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens SIMATIC Vulnerabilities in products that allow arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "649ab73e-2968-450b-b5d3-31e462571302"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-904"
}
],
"trust": 0.8
}
}
VAR-201407-0606
Vulnerability from variot - Updated: 2025-04-13 23:14The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0606",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68875"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4686",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-4686",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-04643",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "ea209009-7fdb-4811-b130-403cdc16f255",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "7d720861-463f-11e9-a37c-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-72627",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4686",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4686",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04643",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-606",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4686"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-72627"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4686",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04643",
"trust": 1.2
},
{
"db": "BID",
"id": "68875",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "EA209009-7FDB-4811-B130-403CDC16F255",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D720861-463F-11E9-A37C-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2CE69A6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "130406",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72627",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"id": "VAR-201407-0606",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
}
],
"trust": 1.9749411600000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
}
]
},
"last_update_date": "2025-04-13T23:14:45.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC and PCS7 Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47905"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4686"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4686"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68875"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"db": "VULHUB",
"id": "VHN-72627"
},
{
"db": "BID",
"id": "68875"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72627"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68875"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"date": "2015-02-16T17:36:59",
"db": "PACKETSTORM",
"id": "130406"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"date": "2014-07-24T14:55:08.190000",
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04643"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72627"
},
{
"date": "2015-03-19T09:08:00",
"db": "BID",
"id": "68875"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003569"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-606"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4686"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-606"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerabilities in which important information is obtained in project management applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003569"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Encryption issues",
"sources": [
{
"db": "IVD",
"id": "ea209009-7fdb-4811-b130-403cdc16f255"
},
{
"db": "IVD",
"id": "7d720861-463f-11e9-a37c-000c29342cb1"
},
{
"db": "IVD",
"id": "e2ce69a6-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 0.6
}
}
VAR-201407-0604
Vulnerability from variot - Updated: 2025-04-13 23:14The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens' product database servers, which can be exploited by remote attackers to escalate privileges and perform unauthorized actions. SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the database server of versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0604",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68880"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4684",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2014-4684",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-04663",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "7d7feb11-463f-11e9-a766-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "2ce952e5-3809-407f-81cb-08454c69b74b",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-72625",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4684",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4684",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04663",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-604",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens\u0027 product database servers, which can be exploited by remote attackers to escalate privileges and perform unauthorized actions. SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the database server of versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4684"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "VULHUB",
"id": "VHN-72625"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4684",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04663",
"trust": 1.2
},
{
"db": "BID",
"id": "68880",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7FEB11-463F-11E9-A766-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2D4CC60-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "2CE952E5-3809-407F-81CB-08454C69B74B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72625",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"id": "VAR-201407-0604",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
}
],
"trust": 2.003642875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
}
]
},
"last_update_date": "2025-04-13T23:14:45.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Siemens product database server remote privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4684"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4684"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"db": "VULHUB",
"id": "VHN-72625"
},
{
"db": "BID",
"id": "68880"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72625"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68880"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"date": "2014-07-24T14:55:08.097000",
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04663"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72625"
},
{
"date": "2014-10-08T06:59:00",
"db": "BID",
"id": "68880"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003567"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-604"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4684"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-604"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of Vulnerability that can be obtained privilege in the database server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "7d7feb11-463f-11e9-a766-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d4cc60-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "2ce952e5-3809-407f-81cb-08454c69b74b"
}
],
"trust": 0.6
}
}
VAR-201407-0605
Vulnerability from variot - Updated: 2025-04-13 23:14Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A number of Siemens products have local privilege escalation vulnerabilities that allow an attacker to exploit vulnerabilities to escalate permissions on affected computers. Siemens SIMATIC WinCC and PCS 7 are prone to a local privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges on affected computers. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0605",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2"
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai\nfrom Positive Technologies",
"sources": [
{
"db": "BID",
"id": "68872"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2014-4685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04695",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-72626",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4685",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4685",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72626",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A number of Siemens products have local privilege escalation vulnerabilities that allow an attacker to exploit vulnerabilities to escalate permissions on affected computers. Siemens SIMATIC WinCC and PCS 7 are prone to a local privilege-escalation vulnerability. \nAttackers can exploit this issue to gain elevated privileges on affected computers. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in versions prior to Siemens SIMATIC WinCC 7.3 used by PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4685"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "VULHUB",
"id": "VHN-72626"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4685",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04695",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 1.1
},
{
"db": "BID",
"id": "68872",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D76EA61-463F-11E9-A2DA-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "E2D14A5E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "D7EABC36-02A7-4430-8646-7D7359179CE3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72626",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"id": "VAR-201407-0605",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
}
],
"trust": 2.003642875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
}
]
},
"last_update_date": "2025-04-13T23:14:45.783000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "A patch for Siemens\u0027 local product privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47934"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4685"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4685"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68872/info"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"db": "VULHUB",
"id": "VHN-72626"
},
{
"db": "BID",
"id": "68872"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-30T00:00:00",
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
},
{
"date": "2014-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72626"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68872"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"date": "2014-07-24T14:55:08.143000",
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04695"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72626"
},
{
"date": "2015-03-19T09:46:00",
"db": "BID",
"id": "68872"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003568"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-605"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4685"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "68872"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-605"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003568"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "7d76ea61-463f-11e9-a2da-000c29342cb1"
},
{
"db": "IVD",
"id": "e2d14a5e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "d7eabc36-02a7-4430-8646-7d7359179ce3"
}
],
"trust": 0.6
}
}
VAR-201502-0370
Vulnerability from variot - Updated: 2025-04-13 23:14The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. Versions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13 sp1"
},
{
"model": "simatic wincc tia portal sp1",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v13"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "13.0"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik.",
"sources": [
{
"db": "BID",
"id": "72625"
}
],
"trust": 0.3
},
"cve": "CVE-2015-1358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01296",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a11e037c-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1358",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-1358",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79319",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. \nVersions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1358"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-79319"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1358",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-543623",
"trust": 2.3
},
{
"db": "BID",
"id": "72625",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-16-161-02",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-526760",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036090",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-01296",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537",
"trust": 0.8
},
{
"db": "IVD",
"id": "6C5F6EE2-C09B-4C78-A362-83203BBFE346",
"trust": 0.2
},
{
"db": "IVD",
"id": "A11E037C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "130406",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"id": "VAR-201502-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
}
],
"trust": 1.7615187142857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
}
]
},
"last_update_date": "2025-04-13T23:14:45.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-543623",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC TIA Portal Man-in-the-Middle Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55531"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-161-02"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/72625"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036090"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1358"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"db": "VULHUB",
"id": "VHN-79319"
},
{
"db": "BID",
"id": "72625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-27T00:00:00",
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"date": "2015-02-27T00:00:00",
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"date": "2015-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-79319"
},
{
"date": "2015-02-13T00:00:00",
"db": "BID",
"id": "72625"
},
{
"date": "2015-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"date": "2015-02-16T17:36:59",
"db": "PACKETSTORM",
"id": "130406"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"date": "2015-02-18T02:59:07.813000",
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01296"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-79319"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "72625"
},
{
"date": "2016-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001537"
},
{
"date": "2015-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-420"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-1358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "130406"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC TIA Portal Man-in-the-middle information disclosure vulnerability",
"sources": [
{
"db": "IVD",
"id": "6c5f6ee2-c09b-4c78-a362-83203bbfe346"
},
{
"db": "IVD",
"id": "a11e037c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01296"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-420"
}
],
"trust": 0.6
}
}
VAR-201407-0603
Vulnerability from variot - Updated: 2025-04-13 23:14The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens SIMATIC WinCC And PCS7 that can be exploited by remote attackers to gain elevated privileges on affected devices. Siemens SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. There is a security hole in the WebNavigator server used by Siemens SIMATIC WinCC versions prior to 7.3 for PCS7 and other products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0603",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68879"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2014-4683",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-04644",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "e2d78202-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "7d71e153-463f-11e9-be10-000c29342cb1",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-72624",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4683",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4683",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-603",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A remote privilege elevation vulnerability exists in Siemens SIMATIC WinCC And PCS7 that can be exploited by remote attackers to gain elevated privileges on affected devices. Siemens SIMATIC WinCC and PCS7 are prone to a remote privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions. There is a security hole in the WebNavigator server used by Siemens SIMATIC WinCC versions prior to 7.3 for PCS7 and other products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4683"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-72624"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4683",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04644",
"trust": 1.2
},
{
"db": "BID",
"id": "68879",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2D78202-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "C0A709A9-648B-4FBC-869E-37CD7064012B",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D71E153-463F-11E9-BE10-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72624",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"id": "VAR-201407-0603",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
}
],
"trust": 2.003642875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
}
]
},
"last_update_date": "2025-04-13T23:14:45.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC Multiple Products Remote Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47899"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4683"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4683"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68879/info"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"db": "VULHUB",
"id": "VHN-72624"
},
{
"db": "BID",
"id": "68879"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72624"
},
{
"date": "2014-07-23T00:00:00",
"db": "BID",
"id": "68879"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"date": "2014-07-24T14:55:08.050000",
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04644"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72624"
},
{
"date": "2015-03-19T09:40:00",
"db": "BID",
"id": "68879"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003566"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-603"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4683"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-603"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC of WebNavigator Vulnerability that can be obtained privilege in the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003566"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "e2d78202-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "c0a709a9-648b-4fbc-869e-37cd7064012b"
},
{
"db": "IVD",
"id": "7d71e153-463f-11e9-be10-000c29342cb1"
}
],
"trust": 0.6
}
}
VAR-201407-0602
Vulnerability from variot - Updated: 2025-04-13 23:14The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company's set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0602",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 2.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "wincc",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "*"
},
{
"model": "pcs7",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "6.2"
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "68876"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4682",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4682",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04662",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e2da5658-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d801221-463f-11e9-a98b-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-72623",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4682",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4682",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04662",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-602",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72623",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company\u0027s set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4682"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-72623"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4682",
"trust": 4.1
},
{
"db": "SIEMENS",
"id": "SSA-214365",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04662",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-205-02",
"trust": 1.1
},
{
"db": "BID",
"id": "68876",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60392",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "60388",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2DA5658-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "00716B3E-FF45-48A1-BC94-7CBFC25E11ED",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D801221-463F-11E9-A98B-000C29342CB1",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "127660",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-72623",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"id": "VAR-201407-0602",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
}
],
"trust": 2.003642875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
}
]
},
"last_update_date": "2025-04-13T23:14:45.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-214365",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47904"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4682"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-205-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4682"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68876"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60388"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60392"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4685"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4682"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "VULHUB",
"id": "VHN-72623"
},
{
"db": "BID",
"id": "68876"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"db": "PACKETSTORM",
"id": "127660"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"date": "2014-07-28T00:00:00",
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
},
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"date": "2014-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-72623"
},
{
"date": "2014-07-24T00:00:00",
"db": "BID",
"id": "68876"
},
{
"date": "2014-07-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"date": "2014-07-29T22:37:22",
"db": "PACKETSTORM",
"id": "127660"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"date": "2014-07-24T14:55:08.020000",
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"date": "2014-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-72623"
},
{
"date": "2015-03-19T08:39:00",
"db": "BID",
"id": "68876"
},
{
"date": "2014-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003565"
},
{
"date": "2014-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-602"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4682"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-602"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04662"
},
{
"db": "BID",
"id": "68876"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Information leakage",
"sources": [
{
"db": "IVD",
"id": "e2da5658-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "00716b3e-ff45-48a1-bc94-7cbfc25e11ed"
},
{
"db": "IVD",
"id": "7d801221-463f-11e9-a98b-000c29342cb1"
}
],
"trust": 0.6
}
}
VAR-201504-0235
Vulnerability from variot - Updated: 2025-04-13 23:09Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "wincc",
"scope": "eq",
"trust": 2.2,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi mobile panel 277",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 upd4"
},
{
"model": "simatic hmi comfort panels",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi multi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic hmi comfort panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc 13 sp1 upd2"
},
{
"model": "simatic hmi basic panels 1st generation",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "(wincc all versions )"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": ")"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1"
},
{
"model": "simatic hmi basic panels generation",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi mobile panel",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "277"
},
{
"model": "simatic hmi mobile panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_basic_panels_generation_1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_basic_panels_generation_2",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_mobile_panel_277",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_multi_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74040"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-80784",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2823",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2823",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80784",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password. plural SIMATIC HMI Products and SIMATIC WinCC Contains a vulnerability that allows authentication to be completed.Even if there is no related password information, a third party may use the password hash to complete the authentication. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels have verification bypass vulnerabilities that allow remote attackers to exploit vulnerabilities to bypass authentication. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. This may aid in further attacks. The SIMATIC HMI Panel series, SIMATIC WinCC Runtime Advanced and Professional are all HMI software for operating and monitoring machines and plants. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. A remote attacker could exploit this vulnerability to authenticate using a known hashed password",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2823",
"trust": 3.9
},
{
"db": "BID",
"id": "74040",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02291",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126",
"trust": 0.8
},
{
"db": "IVD",
"id": "344280CB-0461-40FA-A3C6-537FF0CE4AFF",
"trust": 0.2
},
{
"db": "IVD",
"id": "9844DE6A-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80784",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01E",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"id": "VAR-201504-0235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
}
],
"trust": 1.8226849
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
}
]
},
"last_update_date": "2025-04-13T23:09:55.643000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels verify patches for bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/57127"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2823"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74040"
},
{
"trust": 1.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2823"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2015/08/31/ruskie_ics_hacker_drops_nine_holes_in_popular_siemens_power_plant_kit/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"db": "VULHUB",
"id": "VHN-80784"
},
{
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"db": "BID",
"id": "74040"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "344280cb-0461-40fa-a3c6-537ff0ce4aff"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "9844de6a-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-04-10T00:00:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"date": "2015-04-08T16:59:01.270000",
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02291"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80784"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2823"
},
{
"date": "2015-11-03T19:21:00",
"db": "BID",
"id": "74040"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002126"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-097"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2823"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SIMATIC HMI Products and SIMATIC WinCC Vulnerabilities that complete authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-097"
}
],
"trust": 0.6
}
}
VAR-201504-0234
Vulnerability from variot - Updated: 2025-04-13 23:09Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "*"
},
{
"model": "simatic hmi comfort panels",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "runtime advanced 13 sp1 upd2"
},
{
"model": "simatic hmi comfort panels before wincc sp1 upd2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc runtime advanced sp1 upd2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13"
},
{
"model": "wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:siemens:simatic_hmi_comfort_panels",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Quarkslab team and Ilya Karpov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "74028"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-2822",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02292",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "984ee090-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-80783",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-2822",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-2822",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-02292",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-096",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80783",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. \nRemote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2822"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "VULHUB",
"id": "VHN-80783"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2822",
"trust": 3.8
},
{
"db": "BID",
"id": "74028",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-487246",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-02292",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-099-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125",
"trust": 0.8
},
{
"db": "IVD",
"id": "984EE090-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "CDA955ED-285A-41F6-A455-3A71C5E4729A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-80783",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"id": "VAR-201504-0234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
}
],
"trust": 1.6778299
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
}
]
},
"last_update_date": "2025-04-13T23:09:55.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-487246",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"title": "Patch for Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/57131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2822"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/74028"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2822"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-099-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"db": "VULHUB",
"id": "VHN-80783"
},
{
"db": "BID",
"id": "74028"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-04-10T00:00:00",
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-80783"
},
{
"date": "2015-04-09T00:00:00",
"db": "BID",
"id": "74028"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"date": "2015-04-08T16:59:00.067000",
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02292"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80783"
},
{
"date": "2015-10-26T16:22:00",
"db": "BID",
"id": "74028"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002125"
},
{
"date": "2015-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-096"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-2822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002125"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "984ee090-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "cda955ed-285a-41f6-a455-3a71c5e4729a"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-096"
}
],
"trust": 1.0
}
}
VAR-201411-0460
Vulnerability from variot - Updated: 2025-04-13 23:04The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC WinCC, SIMATIC PCS 7 and TIA Portal (Botu) are all industrial automation products of German Siemens (Siemens). SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC; TIA Portal is a software platform that can quickly develop and debug automation systems. WinCC server is an option for it, which can operate multiple operating systems and monitoring stations in the network connected to the automation system. There are security vulnerabilities in the WinCC server of several Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 3.2,
"vendor": "simatic wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 1.6,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "simatic tiaportal",
"version": "13.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic tiaportal",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 update 2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 update 9"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.1 to 7.1 sp4"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 to 8.0 sp2"
},
{
"model": "totally integrated automation portal",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 to 7.0 sp3"
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "13 update 6"
},
{
"model": "wincc 7.0-sp3",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc (\u003cupdate",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.29)"
},
{
"model": "wincc (\u003cupdate",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.32)"
},
{
"model": "simatic pcs 7.1-sp4",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic pcs 8.0-sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "78.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic pcs7",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic pcs 7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_tiaportal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
}
]
},
"cve": "CVE-2014-8552",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08594",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-76497",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8552",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8552",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-08594",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-501",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76497",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "VULHUB",
"id": "VHN-76497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC WinCC, SIMATIC PCS 7 and TIA Portal (Botu) are all industrial automation products of German Siemens (Siemens). SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC; TIA Portal is a software platform that can quickly develop and debug automation systems. WinCC server is an option for it, which can operate multiple operating systems and monitoring stations in the network connected to the automation system. There are security vulnerabilities in the WinCC server of several Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8552"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "VULHUB",
"id": "VHN-76497"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8552",
"trust": 3.5
},
{
"db": "SIEMENS",
"id": "SSA-134508",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-08594",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-329-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60068",
"trust": 0.6
},
{
"db": "IVD",
"id": "B4BC03B6-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "633E044B-7ADF-4ADF-9CA1-7D68E531ED2F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76497",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "VULHUB",
"id": "VHN-76497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"id": "VAR-201411-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "VULHUB",
"id": "VHN-76497"
}
],
"trust": 1.7048571666666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
}
]
},
"last_update_date": "2025-04-13T23:04:40.410000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-134508",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC/PCS 7 directory traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52283"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8552"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8552"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-329-02"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60068"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "VULHUB",
"id": "VHN-76497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"db": "VULHUB",
"id": "VHN-76497"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-12-01T00:00:00",
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-76497"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"date": "2014-11-26T11:59:01.373000",
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08594"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-76497"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005645"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-501"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC/PCS 7 Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "b4bc03b6-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "633e044b-7adf-4adf-9ca1-7d68e531ed2f"
},
{
"db": "CNVD",
"id": "CNVD-2014-08594"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-501"
}
],
"trust": 0.6
}
}
VAR-201411-0459
Vulnerability from variot - Updated: 2025-04-13 23:04The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC WinCC, SIMATIC PCS 7 and TIA Portal (Botu) are all industrial automation products of German Siemens (Siemens). SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC; TIA Portal is a software platform that can quickly develop and debug automation systems. WinCC server is an option for it, which can operate multiple operating systems and monitoring stations in the network connected to the automation system. There are security vulnerabilities in the WinCC server of several Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": "eq",
"trust": 3.2,
"vendor": "simatic wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 1.6,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic tiaportal",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "simatic tiaportal",
"version": "13.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "simatic pcs7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3 update 2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 update 9"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.1 to 7.1 sp4"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "8.0 to 8.0 sp2"
},
{
"model": "totally integrated automation portal",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 to 7.0 sp3"
},
{
"model": "totally integrated automation portal",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "13 update 6"
},
{
"model": "wincc 7.0-sp3",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc (\u003cupdate",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.29)"
},
{
"model": "wincc (\u003cupdate",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.32)"
},
{
"model": "simatic pcs 7.1-sp4",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic pcs 8.0-sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "78.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic pcs7",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic pcs 7",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "simatic wincc",
"version": "7.3"
}
],
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_tiaportal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
}
]
},
"cve": "CVE-2014-8551",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8551",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08593",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "5c884bc4-e541-45c1-9c37-0147460766ff",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8551",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-8551",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-08593",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-500",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76496",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-8551",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC WinCC, SIMATIC PCS 7 and TIA Portal (Botu) are all industrial automation products of German Siemens (Siemens). SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC; TIA Portal is a software platform that can quickly develop and debug automation systems. WinCC server is an option for it, which can operate multiple operating systems and monitoring stations in the network connected to the automation system. There are security vulnerabilities in the WinCC server of several Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8551",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-134508",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2014-08593",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-329-02",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "60068",
"trust": 0.6
},
{
"db": "IVD",
"id": "B4B94E28-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5C884BC4-E541-45C1-9C37-0147460766FF",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-76496",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-14-329-02D",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8551",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"id": "VAR-201411-0459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULHUB",
"id": "VHN-76496"
}
],
"trust": 1.7048571666666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
}
]
},
"last_update_date": "2025-04-13T23:04:40.367000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-134508",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf"
},
{
"title": "Patch for Siemens SIMATIC WinCC/PCS 7 arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/52284"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/siemens-patches-wincc-vulnerabilities-likely-being-exploited/109631/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-134508.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8551"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8551"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-329-02"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/60068"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/siemens-patches-wincc-vulnerabilities-likely-being-exploited/109631/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-329-02d"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"db": "VULHUB",
"id": "VHN-76496"
},
{
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-12-01T00:00:00",
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-76496"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"date": "2014-11-26T11:59:00.093000",
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08593"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULHUB",
"id": "VHN-76496"
},
{
"date": "2014-11-26T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8551"
},
{
"date": "2014-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005644"
},
{
"date": "2014-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-500"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8551"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC/PCS 7 Arbitrary code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNVD",
"id": "CNVD-2014-08593"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "b4b94e28-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5c884bc4-e541-45c1-9c37-0147460766ff"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-500"
}
],
"trust": 1.0
}
}
VAR-201007-0198
Vulnerability from variot - Updated: 2025-04-11 23:15Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The Siemens SIMATIC WinCC data uses the built-in user name and password and does not inform the user that it needs to be modified. An attacker can use this information to read database data or inject code into a database. Siemens SIMATIC WinCC is affected by a vulnerability that allows attackers to bypass security. Successfully exploiting this issue may lead to further attacks. ----------------------------------------------------------------------
"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420."
Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:
http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
TITLE: Siemens SIMATIC WinCC Undocumented Database User Account
SECUNIA ADVISORY ID: SA40682
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40682
RELEASE DATE: 2010-07-24
DISCUSS ADVISORY: http://secunia.com/advisories/40682/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/40682/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40682
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A security issue has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to gain unauthorised access.
SOLUTION: Restrict network access to the database to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Discovered in the wild.
ORIGINAL ADVISORY: http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22 http://www.f-secure.com/weblog/archives/00001987.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201007-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc",
"scope": "eq",
"trust": 2.5,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.1"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic pcs 7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "simatic pcs 7",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 1.2,
"vendor": "simatic pcs 7",
"version": "7.1"
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs 7",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic pcs 7",
"version": "6.1"
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "BID",
"id": "41753"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens",
"sources": [
{
"db": "BID",
"id": "41753"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2772",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2010-2772",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "06a89dde-2356-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-45377",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2010-2772",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2010-2772",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2772",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-2772",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201007-241",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-45377",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-2772",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The Siemens SIMATIC WinCC data uses the built-in user name and password and does not inform the user that it needs to be modified. An attacker can use this information to read database data or inject code into a database. Siemens SIMATIC WinCC is affected by a vulnerability that allows attackers to bypass security. Successfully exploiting this issue may lead to further attacks. ----------------------------------------------------------------------\n\n\n\"From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420.\"\n\nNon-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more:\n\nhttp://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Undocumented Database User Account\n\nSECUNIA ADVISORY ID:\nSA40682\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/40682/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40682\n\nRELEASE DATE:\n2010-07-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/40682/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/40682/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40682\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA security issue has been reported in Siemens SIMATIC WinCC, which\ncan be exploited by malicious people to gain unauthorised access. \n\nSOLUTION:\nRestrict network access to the database to trusted users only. \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered in the wild. \n\nORIGINAL ADVISORY:\nhttp://www.wilderssecurity.com/showpost.php?p=1712134\u0026postcount=22\nhttp://www.f-secure.com/weblog/archives/00001987.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2772"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "BID",
"id": "41753"
},
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "PACKETSTORM",
"id": "92130"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2772",
"trust": 4.3
},
{
"db": "BID",
"id": "41753",
"trust": 2.9
},
{
"db": "SECUNIA",
"id": "40682",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-12-205-01",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2010-1893",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2010-1369",
"trust": 1.0
},
{
"db": "XF",
"id": "60587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829",
"trust": 0.8
},
{
"db": "IVD",
"id": "06A89DDE-2356-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D70CFDF-463F-11E9-AD83-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "407E95F0-1FB3-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-45377",
"trust": 0.1
},
{
"db": "VUPEN",
"id": "2010/1893",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-2772",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92130",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "BID",
"id": "41753"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "PACKETSTORM",
"id": "92130"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"id": "VAR-201007-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "VULHUB",
"id": "VHN-45377"
}
],
"trust": 1.9286399
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
}
]
},
"last_update_date": "2025-04-11T23:15:38.428000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Product\u00a0Support",
"trust": 0.8,
"url": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo\u0026aktprim=0\u0026siteid=cseus\u0026lang=en\u0026siteid=cseus\u0026groupid=4000003\u0026groupid=4000003\u0026groupid=4000003\u0026extranet=standard\u0026viewreg=WW\u0026nodeid0=10805583"
},
{
"title": "Siemens SIMATIC WinCC default password security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/81338"
},
{
"title": "win32-stuxnet",
"trust": 0.1,
"url": "https://github.com/uraninite/win32-stuxnet "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2016/06/07/infrastructure-attacks-next-generation/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112/77299/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.securityfocus.com/bid/41753"
},
{
"trust": 2.0,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-12-205-01"
},
{
"trust": 2.0,
"url": "http://secunia.com/advisories/40682"
},
{
"trust": 2.0,
"url": "http://www.vupen.com/english/advisories/2010/1893"
},
{
"trust": 1.8,
"url": "http://www.sea.siemens.com/us/news/industrial/pages/wincc_update.aspx"
},
{
"trust": 1.8,
"url": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725"
},
{
"trust": 1.8,
"url": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr"
},
{
"trust": 1.8,
"url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/"
},
{
"trust": 1.8,
"url": "http://www.wired.com/threatlevel/2010/07/siemens-scada/"
},
{
"trust": 1.7,
"url": "http://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127\u002616127\u0026language=en\u0026pageindex=1"
},
{
"trust": 1.4,
"url": "http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo\u0026lang=en\u0026objid=43876783\u0026caller=viewhttp://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo\u0026lang=en\u0026objid=43876783\u0026c"
},
{
"trust": 1.3,
"url": "http://www.f-secure.com/weblog/archives/00001987.html"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587"
},
{
"trust": 1.2,
"url": "http://www.wilderssecurity.com/showpost.php?p=1712134\u0026postcount=22"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2772"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/60587"
},
{
"trust": 0.6,
"url": "http://it.slashdot.org/comments.pl?sid=1721020"
},
{
"trust": 0.3,
"url": "http://it.slashdot.org/comments.pl?sid=1721020\u0026cid=32920758"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.3,
"url": "https://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127\u0026language=en\u0026pageindex=2"
},
{
"trust": 0.1,
"url": "http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo\u0026amp;lang=en\u0026amp;objid=43876783\u0026amp;caller=viewhttp://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo\u0026amp;lang=en\u0026amp;objid=43876783\u0026amp;c"
},
{
"trust": 0.1,
"url": "http://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127\u0026amp;16127\u0026amp;language=en\u0026amp;pageindex=1"
},
{
"trust": 0.1,
"url": "http://www.wilderssecurity.com/showpost.php?p=1712134\u0026amp;postcount=22"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://github.com/uraninite/win32-stuxnet"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112/77299/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=40682"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40682/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/40682/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "BID",
"id": "41753"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "PACKETSTORM",
"id": "92130"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "VULHUB",
"id": "VHN-45377"
},
{
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"db": "BID",
"id": "41753"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"db": "PACKETSTORM",
"id": "92130"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-07-23T00:00:00",
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"date": "2010-07-18T00:00:00",
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"date": "2010-07-18T00:00:00",
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"date": "2010-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"date": "2010-07-22T00:00:00",
"db": "VULHUB",
"id": "VHN-45377"
},
{
"date": "2010-07-22T00:00:00",
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"date": "2010-07-16T00:00:00",
"db": "BID",
"id": "41753"
},
{
"date": "2010-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"date": "2010-07-26T12:08:47",
"db": "PACKETSTORM",
"id": "92130"
},
{
"date": "2010-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"date": "2010-07-22T05:43:58.250000",
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-45377"
},
{
"date": "2017-08-17T00:00:00",
"db": "VULMON",
"id": "CVE-2010-2772"
},
{
"date": "2015-03-19T09:27:00",
"db": "BID",
"id": "41753"
},
{
"date": "2024-03-01T04:05:00",
"db": "JVNDB",
"id": "JVNDB-2010-001829"
},
{
"date": "2010-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201007-241"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2772"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2010-1369"
},
{
"db": "BID",
"id": "41753"
}
],
"trust": 1.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "06a89dde-2356-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d70cfdf-463f-11e9-ad83-000c29342cb1"
},
{
"db": "IVD",
"id": "407e95f0-1fb3-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201007-241"
}
],
"trust": 1.2
}
}
VAR-201206-0071
Vulnerability from variot - Updated: 2025-04-11 23:04Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2595",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-2595",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-55876",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2595",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2595",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2595"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2595",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4CEBBDE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55876",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"id": "VAR-201206-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
}
],
"trust": 1.6009954333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
}
]
},
"last_update_date": "2025-04-11T23:04:13.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18131"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2595"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2595"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "VULHUB",
"id": "VHN-55876"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55876"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"date": "2012-06-08T18:55:02.173000",
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55876"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002658"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-084"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2595"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4cebbde-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3211"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-084"
}
],
"trust": 0.6
}
}
VAR-201206-0073
Vulnerability from variot - Updated: 2025-04-11 23:04Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. WinCC flexible is a human-machine interface for use in some machine or process applications. An attacker can exploit the vulnerability to read arbitrary files. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-2597",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-55878",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2597",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2597",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. WinCC flexible is a human-machine interface for use in some machine or process applications. An attacker can exploit the vulnerability to read arbitrary files. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2597"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2597",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3213",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4C1D040-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55878",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"id": "VAR-201206-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
}
],
"trust": 1.6009954333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
}
]
},
"last_update_date": "2025-04-11T23:04:13.743000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for the Siemens WinCC Directory Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18133"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2597"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2597"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "VULHUB",
"id": "VHN-55878"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55878"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"date": "2012-06-08T18:55:02.267000",
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55878"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002660"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-086"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3213"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "c4c1d040-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-086"
}
],
"trust": 0.8
}
}
VAR-201206-0115
Vulnerability from variot - Updated: 2025-04-11 23:04Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a security hole in implementation. An attacker could exploit a vulnerability to redirect a user to a malicious site. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3003",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3003",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56284",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3003",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3003",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-088",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56284",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a security hole in implementation. An attacker could exploit a vulnerability to redirect a user to a malicious site. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3003"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3003",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3215",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4A98DE6-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56284",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"id": "VAR-201206-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
}
],
"trust": 1.6009954333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
}
]
},
"last_update_date": "2025-04-11T23:04:13.696000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Vulnerability (CNVD-2012-3215)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18135"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3003"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3003"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"db": "VULHUB",
"id": "VHN-56284"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-56284"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"date": "2012-06-08T18:55:02.347000",
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3215"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-56284"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002662"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-088"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3003"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of Web Application open redirect vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002662"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "c4a98de6-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-088"
}
],
"trust": 0.8
}
}
VAR-201206-0074
Vulnerability from variot - Updated: 2025-04-11 23:04Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a buffer overflow vulnerability in implementation. An attacker could exploit the vulnerability to cause a denial of service. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks.
1) Certain input passed via URL parameters to two unspecified web applications is not properly sanitised before being used to construct a XPath query for XML data. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g. read or write certain system settings.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 to update 2"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-2598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-55879",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2598",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2598",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55879",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters, and there is a buffer overflow vulnerability in implementation. An attacker could exploit the vulnerability to cause a denial of service. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. \n\n1) Certain input passed via URL parameters to two unspecified web\napplications is not properly sanitised before being used to construct\na XPath query for XML data. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. read or write\ncertain system settings. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2598"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2598",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3214",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4B582FE-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55879",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"id": "VAR-201206-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
}
],
"trust": 1.6009954333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
}
]
},
"last_update_date": "2025-04-11T23:04:13.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18134"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2598"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2598"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49359"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "VULHUB",
"id": "VHN-55879"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55879"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"date": "2012-06-08T18:55:02.317000",
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55879"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002661"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-087"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3214"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c4b582fe-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-087"
}
],
"trust": 0.8
}
}
VAR-201206-0072
Vulnerability from variot - Updated: 2025-04-11 23:04The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to 'XML injection' attacks.
The vulnerability is caused due to an input sanitisation error within the DiagAgent web server and can be exploited to cause a buffer overflow and crash the DiagAgent.
Successful exploitation requires the DiagAgent web server to be enabled (disabled by default). ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA49341
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49341/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
RELEASE DATE: 2012-06-07
DISCUSS ADVISORY: http://secunia.com/advisories/49341/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/49341/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=49341
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and some vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious users to disclose potentially sensitive information and system information and manipulate certain data and by malicious people to conduct spoofing and cross-site scripting attacks. This can be exploited to manipulate XPath queries by injecting arbitrary XPath code and e.g.
2) Certain input passed via a filename to two unspecified web applications is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
3) Certain input passed to two unspecified web applications is not properly sanitised before being returned to the user.
4) Certain input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
The weakness and the vulnerabilities are reported in version 7.0 SP3.
SOLUTION: Apply "Update 2" (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: 1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, and Andrey Medov, Positive Technologies. 4) Reported by the vendor.
ORIGINAL ADVISORY: Siemens: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201206-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc sp3",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "update 2"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "7.0"
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov and Siemens",
"sources": [
{
"db": "BID",
"id": "53837"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2012-2596",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "c4c81518-2353-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-55877",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2596",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-2596",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201206-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55877",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an \"XML injection\" attack. WinCC flexible is a human-machine interface for use in some machine or process applications. Siemens SIMATIC WinCC Flexible does not filter out specially crafted characters when parsing URL parameters. There is a security vulnerability in the implementation, and an attacker can use the vulnerability to read or write system settings. Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, execute arbitrary code in the context of the affected application, read arbitrary files on the system, redirect users to a potentially malicious site, access or modify data of an XML document, or cause denial-of-service conditions; other attacks may also be possible. The vulnerability is related to \u0027XML injection\u0027 attacks. \n\nThe vulnerability is caused due to an input sanitisation error within\nthe DiagAgent web server and can be exploited to cause a buffer\noverflow and crash the DiagAgent. \n\nSuccessful exploitation requires the DiagAgent web server to be\nenabled (disabled by default). ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49341\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49341/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nRELEASE DATE:\n2012-06-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49341/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49341/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and some vulnerabilities have been reported in Siemens\nSIMATIC WinCC, which can be exploited by malicious users to disclose\npotentially sensitive information and system information and\nmanipulate certain data and by malicious people to conduct spoofing\nand cross-site scripting attacks. This can be exploited to manipulate XPath\nqueries by injecting arbitrary XPath code and e.g. \n\n2) Certain input passed via a filename to two unspecified web\napplications is not properly verified before being used to display\nfiles. This can be exploited to disclose the contents of arbitrary\nfiles via directory traversal sequences. \n\n3) Certain input passed to two unspecified web applications is not\nproperly sanitised before being returned to the user. \n\n4) Certain input is not properly verified before being used to\nredirect users. This can be exploited to redirect a user to an\narbitrary website e.g. when a user clicks a specially crafted link to\nthe affected script hosted on a trusted domain. \n\nThe weakness and the vulnerabilities are reported in version 7.0 SP3. \n\nSOLUTION:\nApply \"Update 2\" (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\n1-3) The vendor credits Gleb Gritsai, Alexander Zaitsev, Sergey\nScherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis\nBaranov, and Andrey Medov, Positive Technologies. \n4) Reported by the vendor. \n\nORIGINAL ADVISORY:\nSiemens:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2596"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2596",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-158-01",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-223158",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085",
"trust": 0.9
},
{
"db": "BID",
"id": "53837",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "49341",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-3212",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "19751",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "49359",
"trust": 0.3
},
{
"db": "IVD",
"id": "C4C81518-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-55877",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113371",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"id": "VAR-201206-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
}
],
"trust": 1.6009954333333334
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
}
]
},
"last_update_date": "2025-04-11T23:04:13.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-223158: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens WinCC Vulnerability (CNVD-2012-3212)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/18132"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43310"
},
{
"title": "Update 2 for WinCC V7.0 SP3 und WinCC V7.0 SP3 ASIA",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-158-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2596"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2596"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/49341"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/53837"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19751"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49359/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49359"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49341"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/49341/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"db": "VULHUB",
"id": "VHN-55877"
},
{
"db": "BID",
"id": "53837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"db": "PACKETSTORM",
"id": "113374"
},
{
"db": "PACKETSTORM",
"id": "113371"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"date": "2012-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-55877"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"date": "2012-06-08T07:05:53",
"db": "PACKETSTORM",
"id": "113374"
},
{
"date": "2012-06-08T07:05:43",
"db": "PACKETSTORM",
"id": "113371"
},
{
"date": "2012-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"date": "2012-06-08T18:55:02.220000",
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-3212"
},
{
"date": "2012-06-12T00:00:00",
"db": "VULHUB",
"id": "VHN-55877"
},
{
"date": "2012-06-06T00:00:00",
"db": "BID",
"id": "53837"
},
{
"date": "2012-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002659"
},
{
"date": "2012-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201206-085"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of Web Application XPath Vulnerability to read settings in function",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection",
"sources": [
{
"db": "IVD",
"id": "c4c81518-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201206-085"
}
],
"trust": 0.8
}
}
VAR-201209-0222
Vulnerability from variot - Updated: 2025-04-11 23:01Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. (DoS) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "55493"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.9
},
"cve": "CVE-2012-3028",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3028",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-5088",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56309",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3028",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3028",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-303",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56309",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service. (DoS) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3028"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3028",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "BID",
"id": "55493",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20652",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20933",
"trust": 0.6
},
{
"db": "IVD",
"id": "5DDC3EC4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"id": "VAR-201209-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
}
],
"trust": 1.5048571666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
}
]
},
"last_update_date": "2025-04-11T23:01:54.293000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80787"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 2.2,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-42"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3028"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3028"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50581"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55493"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20933"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20652"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56309"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56309"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55493"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"date": "2012-09-18T14:55:01.397000",
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56309"
},
{
"date": "2015-03-19T09:33:00",
"db": "BID",
"id": "55493"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004446"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-303"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3028"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5ddc3ec4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "BID",
"id": "55493"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-303"
}
],
"trust": 0.6
}
}
VAR-201209-0223
Vulnerability from variot - Updated: 2025-04-11 23:01WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC WinCC WebNavigator component incorrectly handles input, allowing an attacker to read system files using a directory traversal sequence. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3030",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-3030",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-56311",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3030",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3030",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56311",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a (1) log file or (2) configuration file via a direct request. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC WinCC WebNavigator component incorrectly handles input, allowing an attacker to read system files using a directory traversal sequence. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3030"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3030",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5083",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20932",
"trust": 0.6
},
{
"db": "IVD",
"id": "5DD6AF86-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56311",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"id": "VAR-201209-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
}
],
"trust": 1.5048571666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
}
]
},
"last_update_date": "2025-04-11T23:01:54.244000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC arbitrary file read vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/22131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-43"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3030"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3030"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20932"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"db": "VULHUB",
"id": "VHN-56311"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56311"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"date": "2012-09-18T14:55:01.443000",
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5083"
},
{
"date": "2012-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-56311"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004447"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-293"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Arbitrary File Read Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd6af86-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5083"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-293"
}
],
"trust": 0.6
}
}
VAR-201209-0225
Vulnerability from variot - Updated: 2025-04-11 23:01SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-3032",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-56313",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-3032",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-295",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-56313",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3032"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3032",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20935",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "IVD",
"id": "5E1894B4-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56313",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"id": "VAR-201209-0225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
}
],
"trust": 1.5048571666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
}
]
},
"last_update_date": "2025-04-11T23:01:54.195000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC SOAP SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/22133"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.7,
"url": "http://en.securitylab.ru/lab/pt-2012-44"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3032"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3032"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20935"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"db": "VULHUB",
"id": "VHN-56313"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56313"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"date": "2012-09-18T14:55:01.537000",
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5086"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56313"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004449"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-295"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens WinCC of WebNavigator In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004449"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "5e1894b4-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-295"
}
],
"trust": 0.8
}
}
VAR-201209-0226
Vulnerability from variot - Updated: 2025-04-11 23:01WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
1) Certain unspecified input passed to the WebNavigator component is not properly sanitised before being returned to the user.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denis Baranov Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov,Timur Yunusov from Positive Technologies",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3034",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3034",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-56315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3034",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3034",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-296",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56315",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-3034",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n1) Certain unspecified input passed to the WebNavigator component is\nnot properly sanitised before being returned to the user. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3034"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3034",
"trust": 3.7
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296",
"trust": 0.9
},
{
"db": "BID",
"id": "55492",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5087",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "20651",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "20931",
"trust": 0.6
},
{
"db": "IVD",
"id": "5E11D08E-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56315",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-3034",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"id": "VAR-201209-0226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
}
],
"trust": 1.5048571666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
}
]
},
"last_update_date": "2025-04-11T23:01:54.144000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC ActiveX Control Account Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/22134"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 2.0,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.8,
"url": "http://en.securitylab.ru/lab/pt-2012-45"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3034"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3034"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/50568"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/55492"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20931"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/20651"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26911"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-256-01"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"db": "VULHUB",
"id": "VHN-56315"
},
{
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56315"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"date": "2012-09-18T14:55:01.583000",
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5087"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56315"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3034"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004450"
},
{
"date": "2012-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-296"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3034"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC ActiveX Control Account Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5e11d08e-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-296"
}
],
"trust": 0.6
}
}
VAR-201209-0224
Vulnerability from variot - Updated: 2025-04-11 23:01Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Siemens SIMATIC PCS7 And used in other products Siemens WinCC of WebNavigator Contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. (1) GET Parameters (2) POST Parameters (3) Referer HTTP header. A cross-site request forgery vulnerability exists in Siemens SIMATIC WinCC that allows an attacker to build a malicious web page, trick the user into parsing, and perform malicious actions in the target user context. Siemens SIMATIC is an automation software in a single engineering environment. Part of the input passed to the WebNavigator component lacks filtering before returning to the user, and can be exploited for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. The attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. The attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications.
The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions when a logged-in administrative user visits a specially crafted web page. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens SIMATIC WinCC Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50568
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
RELEASE DATE: 2012-09-11
DISCUSS ADVISORY: http://secunia.com/advisories/50568/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/50568/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50568
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, and disclose certain sensitive information.
2) Certain input passed to the WebNavigator component is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal sequences.
3) Certain input passed via SOAP messages to the WebNavigator component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
4) An error within the ActiveX control can be exploited to disclose the username and password of an authenticated user.
SOLUTION: Apply Update 3.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin, Vladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive Technologies.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "6.0"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "wincc",
"version": "6.0"
},
{
"model": "simatic pcs 7",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc",
"version": "7.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.x"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "77.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "5.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_pcs_7",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pavel Toporkov,Denis Baranov Sergey Bobrov, Artem Chaykin,Timur Yunusov from Positive Technologies, Vladimir Kochetkov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3031",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2012-5088",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-56312",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3031",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3031",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-56312",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header. Siemens SIMATIC PCS7 And used in other products Siemens WinCC of WebNavigator Contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. (1) GET Parameters (2) POST Parameters (3) Referer HTTP header. A cross-site request forgery vulnerability exists in Siemens SIMATIC WinCC that allows an attacker to build a malicious web page, trick the user into parsing, and perform malicious actions in the target user context. Siemens SIMATIC is an automation software in a single engineering environment. Part of the input passed to the WebNavigator component lacks filtering before returning to the user, and can be exploited for cross-site scripting attacks to obtain sensitive information or hijack user sessions. Siemens SIMATIC WinCC is prone to information-disclosure, SQL-injection, directory-traversal, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. \nThe attacker may exploit the information-disclosure issue and directory-traversal issues to gain access to sensitive information that may lead to further attacks. \nThe attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nAn attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nSiemens SIMATIC WinCC 7.0 SP3 and prior versions are vulnerable. WinCC flexible is a human-machine interface used in some machine or process applications. \n\nThe application allows users to perform certain actions via HTTP\nrequests without performing proper validity checks to verify the\nrequests. This can be exploited to perform certain unspecified\nactions when a logged-in administrative user visits a specially\ncrafted web page. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens SIMATIC WinCC Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50568\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50568/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nRELEASE DATE:\n2012-09-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50568/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50568/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Siemens SIMATIC WinCC,\nwhich can be exploited by malicious people to conduct cross-site\nscripting attacks, conduct SQL injection attacks, and disclose\ncertain sensitive information. \n\n2) Certain input passed to the WebNavigator component is not properly\nverified before being used to read files. This can be exploited to\nread arbitrary files via directory traversal sequences. \n\n3) Certain input passed via SOAP messages to the WebNavigator\ncomponent is not properly sanitised before being used in SQL queries. \nThis can be exploited to manipulate SQL queries by injecting arbitrary\nSQL code. \n\n4) An error within the ActiveX control can be exploited to disclose\nthe username and password of an authenticated user. \n\nSOLUTION:\nApply Update 3. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Denis Baranov, Sergey Bobrov, Artem Chaykin,\nVladimir Kochetkov, Pavel Toporkov, and Timur Yunusov, Positive\nTechnologies. \n\nORIGINAL ADVISORY:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3031"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-3031",
"trust": 4.2
},
{
"db": "SIEMENS",
"id": "SSA-864051",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-12-256-01",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5084",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-5088",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47149",
"trust": 0.6
},
{
"db": "BID",
"id": "55492",
"trust": 0.3
},
{
"db": "IVD",
"id": "5DD0E308-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50581",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "50568",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-56312",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116447",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"id": "VAR-201209-0224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
}
],
"trust": 2.1048571666666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.4
}
],
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
}
]
},
"last_update_date": "2025-04-11T23:01:54.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/"
},
{
"title": "SSA-864051: Multiple Vulnerabilities in WinCC 7.0 SP3",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/80787"
},
{
"title": "Patch for Siemens SIMATIC WinCC Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/22132"
},
{
"title": "WinCC_V70_SP3_Upd4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-256-01.pdf"
},
{
"trust": 1.3,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 1.1,
"url": "http://en.securitylab.ru/lab/pt-2012-42"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3031"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3031"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-864051.pdf"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47149"
},
{
"trust": 0.3,
"url": "http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50581"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50568/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50568"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"db": "VULHUB",
"id": "VHN-56312"
},
{
"db": "BID",
"id": "55492"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"db": "PACKETSTORM",
"id": "116445"
},
{
"db": "PACKETSTORM",
"id": "116447"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-13T00:00:00",
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"date": "2012-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-56312"
},
{
"date": "2012-09-11T00:00:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"date": "2012-09-11T07:30:00",
"db": "PACKETSTORM",
"id": "116445"
},
{
"date": "2012-09-11T07:30:06",
"db": "PACKETSTORM",
"id": "116447"
},
{
"date": "2012-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"date": "2012-09-18T14:55:01.490000",
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5088"
},
{
"date": "2012-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5084"
},
{
"date": "2012-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-56312"
},
{
"date": "2012-09-12T22:50:00",
"db": "BID",
"id": "55492"
},
{
"date": "2012-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004448"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-294"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd0e308-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-5084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-294"
}
],
"trust": 0.6
}
}