Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-4833 (GCVE-0-2018-4833)
Vulnerability from cvelistv5 – Published: 2018-06-14 16:00 – Updated: 2024-08-05 05:18
VLAI
EPSS
Summary
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
Severity
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RFID 181EIP |
Affected:
All versions
|
|
| Siemens | RUGGEDCOM Win |
Affected:
V4.4, V4.5, V5.0, and V5.1
|
|
| Siemens | SCALANCE X-200 switch family (incl. SIPLUS NET variants) |
Affected:
All versions < V5.2.3
|
|
| Siemens | SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) |
Affected:
All versions < V5.4.1
|
|
| Siemens | SCALANCE X-200RNA switch family |
Affected:
All versions < V3.2.6
|
|
| Siemens | SCALANCE X-300 switch family (incl. SIPLUS NET variants) |
Affected:
All versions < V4.1.3
|
|
| Siemens | SCALANCE X408 |
Affected:
All versions < V4.1.3
|
|
| Siemens | SCALANCE X414 |
Affected:
All versions
|
|
| Siemens | SIMATIC RF182C |
Affected:
All versions
|
Date Public
2018-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RFID 181EIP",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "RUGGEDCOM Win",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V4.4, V4.5, V5.0, and V5.1"
}
]
},
{
"product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.2.3"
}
]
},
{
"product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.4.1"
}
]
},
{
"product": "SCALANCE X-200RNA switch family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.6"
}
]
},
{
"product": "SCALANCE X-300 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X408",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.3"
}
]
},
{
"product": "SCALANCE X414",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC RF182C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2018-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-14T21:05:17.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RFID 181EIP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RUGGEDCOM Win",
"version": {
"version_data": [
{
"version_value": "V4.4, V4.5, V5.0, and V5.1"
}
]
}
},
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.3"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4.1"
}
]
}
},
{
"product_name": "SCALANCE X-200RNA switch family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.2.6"
}
]
}
},
{
"product_name": "SCALANCE X-300 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.3"
}
]
}
},
{
"product_name": "SCALANCE X408",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.3"
}
]
}
},
{
"product_name": "SCALANCE X414",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF182C",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-4833",
"datePublished": "2018-06-14T16:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:18:26.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-4833",
"date": "2026-06-07",
"epss": "0.00601",
"percentile": "0.69891"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-4833\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2018-06-14T16:29:00.333\",\"lastModified\":\"2024-11-21T04:07:32.737\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en RFID 181-EIP (Todas las versiones), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V5.2.3), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.4.1), familia de switches SCALANCE X-200RNA (Todas las versiones anteriores a la V3.2.6), familia de switches SCALANCE X-300 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V4.1.3), SCALANCE X408 (Todas las versiones anteriores a la V4.1.3), SCALANCE X414 (Todas las versiones), SIMATIC RF182C (Todas las versiones). Los atacantes remotos no privilegiados ubicados en el mismo segmento de red local (capa 2 de OSI) podr\u00edan obtener la ejecuci\u00f3n remota de c\u00f3digo en los productos afectados enviando una respuesta DHCP especialmente dise\u00f1ada a la solicitud DHCP de un cliente.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD1CF0F-8773-458A-B895-AD7C28BE95B8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6E564B5-8196-46CA-8F31-3D8220C06144\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAD0FAEE-28AE-4B56-AAFF-46BEF95D8686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A98129-42ED-41BE-94D7-93AB6EDB9E1B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B2BEB2-4A91-4EF1-8541-C2EBB79CCA1F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.3\",\"matchCriteriaId\":\"82699DAE-653E-4892-AABE-BD7EB0D08224\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A59C91EA-5D1B-4970-8C36-BD76BA420B12\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.4.1\",\"matchCriteriaId\":\"7AA7D616-B6B3-4883-9EC2-ED08C8F22D99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4201AF3-421F-4FD2-9449-2D89D2194250\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"233B6B4C-1EB6-47AB-8485-7BB585641407\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8B483F-0FD2-49F8-A86A-672A6E007949\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E05BF7A-928C-4BF3-963F-7168037DFD51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F6299B-D7E3-4750-B016-7DCBC83C2287\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C003438B-9750-42D9-8DAE-93506BC023C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47F713E4-4B75-476E-BC21-92CA10198AE9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"029686AF-F3F7-4A61-8DD0-22B9D357C614\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7540DAD9-2AAC-46A9-B1C5-BB1AC4FCE710\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Title
Уязвимость микропрограммного обеспечения сетевого оборудования Siemens, связанная с ошибками привилегий и средств управления доступом, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость микропрограммного обеспечения сетевого оборудования Siemens связана с ошибками привилегий и средств управления доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код, отправив специально подготовленный ответ на запрос DHCP клиента
Severity
Vendor
Siemens AG
Software Name
SCALANCE X414, RFID 181-EIP, RUGGEDCOM WiMAX, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-204RNA, SCALANCE X-300, SCALANCE X408, SIMATIC RF182C
Software Version
- (SCALANCE X414), - (RFID 181-EIP), V4.4 (RUGGEDCOM WiMAX), V4.5 (RUGGEDCOM WiMAX), V5.0 (RUGGEDCOM WiMAX), V5.1 (RUGGEDCOM WiMAX), до V5.2.3 (SCALANCE X-200), до V5.4.1 (SCALANCE X-200 IRT), - (SCALANCE X-204RNA), - (SCALANCE X-300), - (SCALANCE X408), - (SIMATIC RF182C)
Possible Mitigations
Обновление программного обеспечения:
Для RUGGEDCOM WiMAX до V5.2:
https://support.industry.siemens.com/cs/ww/en/view/109762466
Для SCALANCE X-200 до V5.2.3:
https://support.industry.siemens.com/cs/ww/en/view/109758142
Для SCALANCE X-200 IRT до V5.4.1:
https://support.industry.siemens.com/cs/ww/en/view/109758144
Компенсирующие меры:
Использование статического IP-адреса вместо DHCP
Применение концепции защиты клеток : https://www.siemens.com/cert/operational-guidelines-industrialsecurity
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-18-165-01
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
CWE
CWE-264
{
"CVSS 2.0": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Siemens AG",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (SCALANCE X414), - (RFID 181-EIP), V4.4 (RUGGEDCOM WiMAX), V4.5 (RUGGEDCOM WiMAX), V5.0 (RUGGEDCOM WiMAX), V5.1 (RUGGEDCOM WiMAX), \u0434\u043e V5.2.3 (SCALANCE X-200), \u0434\u043e V5.4.1 (SCALANCE X-200 IRT), - (SCALANCE X-204RNA), - (SCALANCE X-300), - (SCALANCE X408), - (SIMATIC RF182C)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f:\n\u0414\u043b\u044f RUGGEDCOM WiMAX \u0434\u043e V5.2:\nhttps://support.industry.siemens.com/cs/ww/en/view/109762466\n\n\u0414\u043b\u044f SCALANCE X-200 \u0434\u043e V5.2.3:\nhttps://support.industry.siemens.com/cs/ww/en/view/109758142\n\n\u0414\u043b\u044f SCALANCE X-200 IRT \u0434\u043e V5.4.1:\nhttps://support.industry.siemens.com/cs/ww/en/view/109758144\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0432\u043c\u0435\u0441\u0442\u043e DHCP\n\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043d\u0446\u0435\u043f\u0446\u0438\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u043a\u043b\u0435\u0442\u043e\u043a : https://www.siemens.com/cert/operational-guidelines-industrialsecurity",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.06.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.02.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00514",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-4833",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "SCALANCE X414, RFID 181-EIP, RUGGEDCOM WiMAX, SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X-204RNA, SCALANCE X-300, SCALANCE X408, SIMATIC RF182C",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f Siemens, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f Siemens \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434, \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0432 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043e\u0442\u0432\u0435\u0442 \u043d\u0430 \u0437\u0430\u043f\u0440\u043e\u0441 DHCP \u043a\u043b\u0438\u0435\u043d\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://ics-cert.us-cert.gov/advisories/ICSA-18-165-01\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0410\u0421\u0423 \u0422\u041f, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2018-AVI-279
Vulnerability from certfr_avis - Published: 2018-06-12 - Updated: 2018-06-12
De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Desigo CC / Cerberus DMS versions V1.1, V2.0, V2.1 et V3.0 sans le dernier correctif de sécurité | ||
| Siemens | N/A | Desigo XWP versions V6.1 et antérieures sans le dernier correctif de sécurité | ||
| Siemens | N/A | Annual Shading versions V1.0.4 et V1.1 sans le dernier correctif de sécurité | ||
| Siemens | N/A | License Management System (LMS) versions 2.1 et antérieures sans le dernier correctif de sécurité | ||
| Siemens | N/A | SCALANCE M875 | ||
| Siemens | N/A | SCALANCE X-200 versions antérieures à V5.2.3 | ||
| Siemens | N/A | RAPIDLab série 1200 versions antérieures à V3.3 | ||
| Siemens | N/A | Siveillance Identity version V1.1 sans le dernier correctif de sécurité | ||
| Siemens | N/A | SCALANCE X-200 IRT versions antérieures à V5.4.1 | ||
| Siemens | N/A | Desigo ABT versions V3.1.0, V3.0.1 et antérieures sans le dernier correctif de sécurité | ||
| Siemens | N/A | SiteIQ Analytics versions V1.1, V1.2 et V1.3 sans le dernier correctif de sécurité | ||
| Siemens | N/A | Desigo Configuration Manager (DCM) versions V6.1 SP2 et antérieures, V6.0 SP1 et antérieures, sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Desigo CC / Cerberus DMS versions V1.1, V2.0, V2.1 et V3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo XWP versions V6.1 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Annual Shading versions V1.0.4 et V1.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "License Management System (LMS) versions 2.1 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M875",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 versions ant\u00e9rieures \u00e0 V5.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RAPIDLab s\u00e9rie 1200 versions ant\u00e9rieures \u00e0 V3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Identity version V1.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 IRT versions ant\u00e9rieures \u00e0 V5.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo ABT versions V3.1.0, V3.0.1 et ant\u00e9rieures sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SiteIQ Analytics versions V1.1, V1.2 et V1.3 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo Configuration Manager (DCM) versions V6.1 SP2 et ant\u00e9rieures, V6.0 SP1 et ant\u00e9rieures, sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-4861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4861"
},
{
"name": "CVE-2018-4846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4846"
},
{
"name": "CVE-2018-6305",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6305"
},
{
"name": "CVE-2018-4845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4845"
},
{
"name": "CVE-2018-8900",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8900"
},
{
"name": "CVE-2018-4842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
},
{
"name": "CVE-2018-4860",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4860"
},
{
"name": "CVE-2018-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4833"
},
{
"name": "CVE-2018-11449",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11449"
},
{
"name": "CVE-2018-11447",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11447"
},
{
"name": "CVE-2018-11448",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11448"
},
{
"name": "CVE-2018-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4859"
},
{
"name": "CVE-2018-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6304"
},
{
"name": "CVE-2018-4848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
}
],
"initial_release_date": "2018-06-12T00:00:00",
"last_revision_date": "2018-06-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA ssa-755010 Siemens du 12 juin 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA ssa-480829 Siemens du 12 juin 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA ssa-977428 Siemens du 12 juin 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA ssa-181018 Siemens du 12 juin 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA ssa-566773 Siemens du 12 juin 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf"
}
]
}
CERTFR-2019-AVI-256
Vulnerability from certfr_avis - Published: 2019-06-11 - Updated: 2019-06-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC Ident MV420 | ||
| Siemens | N/A | SIEMENS LOGO!8 versions antérieures à V1.82.02 | ||
| Siemens | N/A | SCALANCE X-200IRT | ||
| Siemens | N/A | SCALANCE X-200 versions antérieures à V5.2.4 | ||
| Siemens | N/A | SCALANCE X-200RNA versions antérieures à V3.2.6 | ||
| Siemens | N/A | SIMATIC Ident MV440 | ||
| Siemens | N/A | SCALANCE X-300 | ||
| Siemens | N/A | Siveillance VMS 2018 R2 versions antérieures à V12.2a | ||
| Siemens | N/A | Siveillance VMS 2018 R1 versions antérieures à V12.1a | ||
| Siemens | N/A | Siveillance VMS 2019 R1 versions antérieures à V13.1a | ||
| Siemens | N/A | Siveillance VMS 2017 R2 versions antérieures à V11.2a | ||
| Siemens | N/A | SCALANCE X-414-3E | ||
| Siemens | N/A | Siveillance VMS 2018 R3 versions antérieures à V12.3a |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC Ident MV420",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIEMENS LOGO!8 versions ant\u00e9rieures \u00e0 V1.82.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA versions ant\u00e9rieures \u00e0 V3.2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Ident MV440",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance VMS 2018 R2 versions ant\u00e9rieures \u00e0 V12.2a",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance VMS 2018 R1 versions ant\u00e9rieures \u00e0 V12.1a",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance VMS 2019 R1 versions ant\u00e9rieures \u00e0 V13.1a",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance VMS 2017 R2 versions ant\u00e9rieures \u00e0 V11.2a",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-414-3E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance VMS 2018 R3 versions ant\u00e9rieures \u00e0 V12.3a",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6584"
},
{
"name": "CVE-2019-6567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6567"
},
{
"name": "CVE-2019-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6580"
},
{
"name": "CVE-2018-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4833"
},
{
"name": "CVE-2019-10926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10926"
},
{
"name": "CVE-2019-6571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6571"
},
{
"name": "CVE-2019-10925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10925"
},
{
"name": "CVE-2019-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6581"
},
{
"name": "CVE-2019-6582",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6582"
}
],
"initial_release_date": "2019-06-11T00:00:00",
"last_revision_date": "2019-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-256",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-774850 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-816980 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816980.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-646841 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-181018 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-212009 du 11 juin 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-212009.pdf"
}
]
}
CERTFR-2020-AVI-800
Vulnerability from certfr_avis - Published: 2020-12-08 - Updated: 2020-12-08
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | XHQ versions antérieures à 6.1 | ||
| Siemens | N/A | SIMATIC ITC1900 V3.1 PRO toutes versions | ||
| Siemens | N/A | SIMATIC ITC2200 V3.1 PRO toutes versions | ||
| Siemens | N/A | LOGO! 8 BM (incl. SIPLUS variants) versions antérieures à 8.3 | ||
| Siemens | N/A | SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions antérieures à 5.2.3 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22"(incl. SIPLUS variants) versions antérieures à la 16 sans le correctif numéro 3 | ||
| Siemens | N/A | SCALANCE X-300 switch family (incl. SIPLUSNET variants) versions antérieures à 4.1.3 | ||
| Siemens | N/A | RUGGEDCOM Win versions antérieures à 5.2 | ||
| Siemens | N/A | SENTRON PAC3200 versions antérieures à 2.4.5 | ||
| Siemens | N/A | SIMATIC ITC2200 V3.1 toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions 20.8 | ||
| Siemens | N/A | SICAM A8000 CP-8000 versions antérieures à 16 | ||
| Siemens | N/A | SCALANCE X408 versions antérieures à V4.1.3 | ||
| Siemens | N/A | LOGO! Soft Comfort versions antérieures à 8.3 | ||
| Siemens | N/A | SIMATIC ITC1500 V3.1 toutes versions | ||
| Siemens | N/A | SICAM A8000 CP-8021 versions antérieures à 16 | ||
| Siemens | N/A | SCALANCE X414 toutes versions | ||
| Siemens | N/A | SICAM A8000 CP-8022 versions antérieures à 16 | ||
| Siemens | N/A | SENTRON PAC4200 versions antérieures à 2.0.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions antérieures à 5.4.1 | ||
| Siemens | N/A | SIRIUS 3RW5 communication module ModbusTCP toutes versions | ||
| Siemens | N/A | SIMATIC ITC1900 V3.1 toutes versions | ||
| Siemens | N/A | SCALANCE X-200RNA switch family versions antérieures à 3.2.6 | ||
| Siemens | N/A | RFID 181EIP toutes versions | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 and KTP900F versions antérieures à la 16 sans le correctif numéro 3 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller(incl. SIPLUS variants) version 20.8 | ||
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15"(incl. SIPLUS variants) versions antérieures à la 16 sans le correctif numéro 3 | ||
| Siemens | N/A | SIMATIC ITC1500 V3.1 PRO toutes versions | ||
| Siemens | N/A | SIMATIC RF182C toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "XHQ versions ant\u00e9rieures \u00e0 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3.1 PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3.1 PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 8 BM (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\"(incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 la 16 sans le correctif num\u00e9ro 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM Win versions ant\u00e9rieures \u00e0 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON PAC3200 versions ant\u00e9rieures \u00e0 2.4.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC2200 V3.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM A8000 CP-8000 versions ant\u00e9rieures \u00e0 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X408 versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! Soft Comfort versions ant\u00e9rieures \u00e0 8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM A8000 CP-8021 versions ant\u00e9rieures \u00e0 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X414 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM A8000 CP-8022 versions ant\u00e9rieures \u00e0 16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON PAC4200 versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIRIUS 3RW5 communication module ModbusTCP toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1900 V3.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA switch family versions ant\u00e9rieures \u00e0 3.2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RFID 181EIP toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 and KTP900F versions ant\u00e9rieures \u00e0 la 16 sans le correctif num\u00e9ro 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller(incl. SIPLUS variants) version 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\"(incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 la 16 sans le correctif num\u00e9ro 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITC1500 V3.1 PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8287"
},
{
"name": "CVE-2020-25231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25231"
},
{
"name": "CVE-2020-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13988"
},
{
"name": "CVE-2020-25230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25230"
},
{
"name": "CVE-2020-28396",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28396"
},
{
"name": "CVE-2020-15796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15796"
},
{
"name": "CVE-2019-15680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15680"
},
{
"name": "CVE-2020-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25235"
},
{
"name": "CVE-2018-4833",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4833"
},
{
"name": "CVE-2019-19289",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19289"
},
{
"name": "CVE-2019-19287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19287"
},
{
"name": "CVE-2019-19283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19283"
},
{
"name": "CVE-2020-25228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25228"
},
{
"name": "CVE-2019-19286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19286"
},
{
"name": "CVE-2019-15679",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15679"
},
{
"name": "CVE-2019-19285",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19285"
},
{
"name": "CVE-2020-25232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25232"
},
{
"name": "CVE-2019-19288",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19288"
},
{
"name": "CVE-2019-19284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19284"
},
{
"name": "CVE-2020-25233",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25233"
},
{
"name": "CVE-2020-25234",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25234"
},
{
"name": "CVE-2020-25229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25229"
},
{
"name": "CVE-2019-15678",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15678"
}
],
"initial_release_date": "2020-12-08T00:00:00",
"last_revision_date": "2020-12-08T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-800",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-12-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-478893 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-700697 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-700697.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-541017 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-541017.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-480824 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712690 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-181018 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-415783 du 8 d\u00e9cembre 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-415783.pdf"
}
]
}
Title
多款SIEMENS产品堆溢出漏洞
Description
SCALANCE X交换机用于连接可编程逻辑控制器(PLC)或人机界面(HMI)等工业组件。SCALANCE X-204RNA工业以太网网络接入点可实现非PRP终端设备的连接。RUGGEDDCOM WiMAX产品系列提供专用无线广域网解决方案。RFID 181-EIP是用于Ethernet/IP的RFID通信模块,可将两个串行SIMATIC标识读取器连接到以太网/IP扫描器。SIMATIC RF182C是用于以太网TCP/IP和XML的RFID通信模块,用于将两个串行SIMAITC识别读取器连接到PC或其他可通过以太网TCP/IP和XML进行通信的可编程设备。
多款SIEMENS产品堆溢出漏洞。位于同一本地网段(OSI第2层)中的非特权远程攻击者可以通过向客户端的DHCP请求发送特制的DHCP响应来获得受影响产品的远程代码执行。
Severity
中
Patch Name
多款SIEMENS产品堆溢出漏洞的补丁
Patch Description
SCALANCE X交换机用于连接可编程逻辑控制器(PLC)或人机界面(HMI)等工业组件。SCALANCE X-204RNA工业以太网网络接入点可实现非PRP终端设备的连接。RUGGEDDCOM WiMAX产品系列提供专用无线广域网解决方案。RFID 181-EIP是用于Ethernet/IP的RFID通信模块,可将两个串行SIMATIC标识读取器连接到以太网/IP扫描器。SIMATIC RF182C是用于以太网TCP/IP和XML的RFID通信模块,用于将两个串行SIMAITC识别读取器连接到PC或其他可通过以太网TCP/IP和XML进行通信的可编程设备。
多款SIEMENS产品堆溢出漏洞。位于同一本地网段(OSI第2层)中的非特权远程攻击者可以通过向客户端的DHCP请求发送特制的DHCP响应来获得受影响产品的远程代码执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf
Impacted products
| Name | ['SIEMENS SCALANCE X408', 'SIEMENS SCALANCE X414', 'SIEMENS SCALANCE X-200 IRT <5.4.1', 'SIEMENS SCALANCE X-200 <5.2.3', 'SIEMENS RFID 181-EIP', 'SIEMENS RUGGEDCOM WiMAX V4.4', 'SIEMENS RUGGEDCOM WiMAX V4.5', 'SIEMENS SCALANCE X-204RNA', 'SIEMENS SCALANCE X-300', 'SIEMENS SIMATIC RF182C'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-4833"
}
},
"description": "SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002SCALANCE X-204RNA\u5de5\u4e1a\u4ee5\u592a\u7f51\u7f51\u7edc\u63a5\u5165\u70b9\u53ef\u5b9e\u73b0\u975ePRP\u7ec8\u7aef\u8bbe\u5907\u7684\u8fde\u63a5\u3002RUGGEDDCOM WiMAX\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e13\u7528\u65e0\u7ebf\u5e7f\u57df\u7f51\u89e3\u51b3\u65b9\u6848\u3002RFID 181-EIP\u662f\u7528\u4e8eEthernet/IP\u7684RFID\u901a\u4fe1\u6a21\u5757\uff0c\u53ef\u5c06\u4e24\u4e2a\u4e32\u884cSIMATIC\u6807\u8bc6\u8bfb\u53d6\u5668\u8fde\u63a5\u5230\u4ee5\u592a\u7f51/IP\u626b\u63cf\u5668\u3002SIMATIC RF182C\u662f\u7528\u4e8e\u4ee5\u592a\u7f51TCP/IP\u548cXML\u7684RFID\u901a\u4fe1\u6a21\u5757\uff0c\u7528\u4e8e\u5c06\u4e24\u4e2a\u4e32\u884cSIMAITC\u8bc6\u522b\u8bfb\u53d6\u5668\u8fde\u63a5\u5230PC\u6216\u5176\u4ed6\u53ef\u901a\u8fc7\u4ee5\u592a\u7f51TCP/IP\u548cXML\u8fdb\u884c\u901a\u4fe1\u7684\u53ef\u7f16\u7a0b\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eSIEMENS\u4ea7\u54c1\u5806\u6ea2\u51fa\u6f0f\u6d1e\u3002\u4f4d\u4e8e\u540c\u4e00\u672c\u5730\u7f51\u6bb5\uff08OSI\u7b2c2\u5c42\uff09\u4e2d\u7684\u975e\u7279\u6743\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u5ba2\u6237\u7aef\u7684DHCP\u8bf7\u6c42\u53d1\u9001\u7279\u5236\u7684DHCP\u54cd\u5e94\u6765\u83b7\u5f97\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
"discovererName": "Dr. Ang Cui and Joseph Pantoga from Red Balloon Security",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-11400",
"openTime": "2018-06-13",
"patchDescription": "SCALANCE X\u4ea4\u6362\u673a\u7528\u4e8e\u8fde\u63a5\u53ef\u7f16\u7a0b\u903b\u8f91\u63a7\u5236\u5668\uff08PLC\uff09\u6216\u4eba\u673a\u754c\u9762\uff08HMI\uff09\u7b49\u5de5\u4e1a\u7ec4\u4ef6\u3002SCALANCE X-204RNA\u5de5\u4e1a\u4ee5\u592a\u7f51\u7f51\u7edc\u63a5\u5165\u70b9\u53ef\u5b9e\u73b0\u975ePRP\u7ec8\u7aef\u8bbe\u5907\u7684\u8fde\u63a5\u3002RUGGEDDCOM WiMAX\u4ea7\u54c1\u7cfb\u5217\u63d0\u4f9b\u4e13\u7528\u65e0\u7ebf\u5e7f\u57df\u7f51\u89e3\u51b3\u65b9\u6848\u3002RFID 181-EIP\u662f\u7528\u4e8eEthernet/IP\u7684RFID\u901a\u4fe1\u6a21\u5757\uff0c\u53ef\u5c06\u4e24\u4e2a\u4e32\u884cSIMATIC\u6807\u8bc6\u8bfb\u53d6\u5668\u8fde\u63a5\u5230\u4ee5\u592a\u7f51/IP\u626b\u63cf\u5668\u3002SIMATIC RF182C\u662f\u7528\u4e8e\u4ee5\u592a\u7f51TCP/IP\u548cXML\u7684RFID\u901a\u4fe1\u6a21\u5757\uff0c\u7528\u4e8e\u5c06\u4e24\u4e2a\u4e32\u884cSIMAITC\u8bc6\u522b\u8bfb\u53d6\u5668\u8fde\u63a5\u5230PC\u6216\u5176\u4ed6\u53ef\u901a\u8fc7\u4ee5\u592a\u7f51TCP/IP\u548cXML\u8fdb\u884c\u901a\u4fe1\u7684\u53ef\u7f16\u7a0b\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3eSIEMENS\u4ea7\u54c1\u5806\u6ea2\u51fa\u6f0f\u6d1e\u3002\u4f4d\u4e8e\u540c\u4e00\u672c\u5730\u7f51\u6bb5\uff08OSI\u7b2c2\u5c42\uff09\u4e2d\u7684\u975e\u7279\u6743\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u5ba2\u6237\u7aef\u7684DHCP\u8bf7\u6c42\u53d1\u9001\u7279\u5236\u7684DHCP\u54cd\u5e94\u6765\u83b7\u5f97\u53d7\u5f71\u54cd\u4ea7\u54c1\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSIEMENS\u4ea7\u54c1\u5806\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"SIEMENS SCALANCE X408",
"SIEMENS SCALANCE X414",
"SIEMENS SCALANCE X-200 IRT \u003c5.4.1",
"SIEMENS SCALANCE X-200 \u003c5.2.3",
"SIEMENS RFID 181-EIP",
"SIEMENS RUGGEDCOM WiMAX V4.4",
"SIEMENS RUGGEDCOM WiMAX V4.5",
"SIEMENS SCALANCE X-204RNA",
"SIEMENS SCALANCE X-300",
"SIEMENS SIMATIC RF182C"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"serverity": "\u4e2d",
"submitTime": "2018-06-13",
"title": "\u591a\u6b3eSIEMENS\u4ea7\u54c1\u5806\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2018-4833
Vulnerability from fkie_nvd - Published: 2018-06-14 16:29 - Updated: 2024-11-21 04:07
Severity
Summary
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD1CF0F-8773-458A-B895-AD7C28BE95B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6E564B5-8196-46CA-8F31-3D8220C06144",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DAD0FAEE-28AE-4B56-AAFF-46BEF95D8686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "77A98129-42ED-41BE-94D7-93AB6EDB9E1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88B2BEB2-4A91-4EF1-8541-C2EBB79CCA1F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82699DAE-653E-4892-AABE-BD7EB0D08224",
"versionEndExcluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A59C91EA-5D1B-4970-8C36-BD76BA420B12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA7D616-B6B3-4883-9EC2-ED08C8F22D99",
"versionEndExcluding": "5.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4201AF3-421F-4FD2-9449-2D89D2194250",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "233B6B4C-1EB6-47AB-8485-7BB585641407",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA8B483F-0FD2-49F8-A86A-672A6E007949",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E05BF7A-928C-4BF3-963F-7168037DFD51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F6299B-D7E3-4750-B016-7DCBC83C2287",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C003438B-9750-42D9-8DAE-93506BC023C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47F713E4-4B75-476E-BC21-92CA10198AE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDB94AE-1ADF-468A-93BB-7DC0A2086AC2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E4C1BEF-D6B4-4260-9AC5-6F903EF6F4B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "029686AF-F3F7-4A61-8DD0-22B9D357C614",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7540DAD9-2AAC-46A9-B1C5-BB1AC4FCE710",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en RFID 181-EIP (Todas las versiones), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V5.2.3), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.4.1), familia de switches SCALANCE X-200RNA (Todas las versiones anteriores a la V3.2.6), familia de switches SCALANCE X-300 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a la V4.1.3), SCALANCE X408 (Todas las versiones anteriores a la V4.1.3), SCALANCE X414 (Todas las versiones), SIMATIC RF182C (Todas las versiones). Los atacantes remotos no privilegiados ubicados en el mismo segmento de red local (capa 2 de OSI) podr\u00edan obtener la ejecuci\u00f3n remota de c\u00f3digo en los productos afectados enviando una respuesta DHCP especialmente dise\u00f1ada a la solicitud DHCP de un cliente."
}
],
"id": "CVE-2018-4833",
"lastModified": "2024-11-21T04:07:32.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-14T16:29:00.333",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-W74M-FCHP-7MQ8
Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-4833"
],
"database_specific": {
"cwe_ids": [
"CWE-122"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-14T16:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request.",
"id": "GHSA-w74m-fchp-7mq8",
"modified": "2022-05-13T01:12:19Z",
"published": "2022-05-13T01:12:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4833"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-4833
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-4833",
"description": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request.",
"id": "GSD-2018-4833"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-4833"
],
"details": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request.",
"id": "GSD-2018-4833",
"modified": "2023-12-13T01:22:28.505439Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RFID 181EIP",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "RUGGEDCOM Win",
"version": {
"version_data": [
{
"version_value": "V4.4, V4.5, V5.0, and V5.1"
}
]
}
},
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.2.3"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.4.1"
}
]
}
},
{
"product_name": "SCALANCE X-200RNA switch family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.2.6"
}
]
}
},
{
"product_name": "SCALANCE X-300 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.3"
}
]
}
},
{
"product_name": "SCALANCE X408",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.3"
}
]
}
},
{
"product_name": "SCALANCE X414",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF182C",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:rfid_181-eip_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:rfid_181-eip:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_wimax_firmware:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_wimax:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x200irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.4.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x200irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x204rna_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:simatic_rf182c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:simatic_rf182c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4833"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-12-14T21:15Z",
"publishedDate": "2018-06-14T16:29Z"
}
}
}
ICSA-18-165-01
Vulnerability from csaf_cisa - Published: 2018-06-12 00:00 - Updated: 2020-12-08 00:00Summary
Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)
Notes
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional Resources: Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from a Siemens ProductCERT's advisory.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CWE-122
- Heap-based Buffer Overflow
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Siemens RFID 181EIP: All versions
Siemens / RFID 181EIP
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Siemens RUGGEDCOM Win: V4.4, V4.5, V5.0, V5.1
Siemens / RUGGEDCOM Win
|
V4.4|V4.5|V5.0|V5.1 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X-200 switch family (incl.'SIPLUS NET variants): All versions < V5.2.3
Siemens / SCALANCE X-200 switch family (incl.'SIPLUS NET variants)
|
<V5.2.3 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X-200IRT switch family (incl.'SIPLUS NET variants): All versions < V5.4.1
Siemens / SCALANCE X-200IRT switch family (incl.'SIPLUS NET variants)
|
<V5.4.1 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X-200RNA switch family: All versions < V3.2.6
Siemens / SCALANCE X-200RNA switch family
|
<V3.2.6 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X-300 switch family (incl.'SIPLUS NET variants): All versions < V4.1.3
Siemens / SCALANCE X-300 switch family (incl.'SIPLUS NET variants)
|
<V4.1.3 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X408: All versions < V4.1.3
Siemens / SCALANCE X408
|
<V4.1.3 |
Mitigation
Mitigation
Mitigation
Mitigation
Vendor Fix
|
|
|
Siemens SCALANCE X414: All versions
Siemens / SCALANCE X414
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
|
|
Siemens SIMATIC RF182C: All versions
Siemens / SIMATIC RF182C
|
vers:all/* |
Mitigation
Mitigation
Mitigation
Mitigation
|
References
9 references
Acknowledgments
Siemens ProductCERT
Red Balloon Security
Dr. Ang Cui
Joseph Pantoga
Kaspersky
Artem Zinenko
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
},
{
"names": [
"Dr. Ang Cui",
"Joseph Pantoga"
],
"organization": "Red Balloon Security",
"summary": "for coordinating disclosure"
},
{
"names": [
"Artem Zinenko"
],
"organization": "Kaspersky",
"summary": "for pointing out that SIPLUS should also be mentioned"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from a Siemens ProductCERT\u0027s advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-181018: Heap Overflow Vulnerability in SCALANCE X switches, RUGGEDCOM Win, RFID\n 181EIP, and SIMATIC RF182C - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-181018.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-165-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-165-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-18-165-01 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-165-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)",
"tracking": {
"current_release_date": "2020-12-08T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-18-165-01",
"initial_release_date": "2018-06-12T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-06-12T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2018-12-11T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for RUGGEDCOM Win"
},
{
"date": "2018-12-13T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Update for RUGGEDCOM Win not available, see mitigations"
},
{
"date": "2019-01-08T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added solution for RUGGEDCOM Win"
},
{
"date": "2019-06-11T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Clarified product names. Added solution for SCALANCE X200RNA"
},
{
"date": "2020-12-08T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Informed about successor products for SIMATIC RF182C and RFID 181EIP"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Siemens RFID 181EIP: All versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "RFID 181EIP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "V4.4|V4.5|V5.0|V5.1",
"product": {
"name": "Siemens RUGGEDCOM Win: V4.4, V4.5, V5.0, V5.1",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM Win"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.3",
"product": {
"name": "Siemens SCALANCE X-200 switch family (incl.\u0027SIPLUS NET variants): All versions \u003c V5.2.3",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl.\u0027SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.4.1",
"product": {
"name": "Siemens SCALANCE X-200IRT switch family (incl.\u0027SIPLUS NET variants): All versions \u003c V5.4.1",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl.\u0027SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.6",
"product": {
"name": "Siemens SCALANCE X-200RNA switch family: All versions \u003c V3.2.6",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200RNA switch family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.3",
"product": {
"name": "Siemens SCALANCE X-300 switch family (incl.\u0027SIPLUS NET variants): All versions \u003c V4.1.3",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl.\u0027SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1.3",
"product": {
"name": "Siemens SCALANCE X408: All versions \u003c V4.1.3",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SCALANCE X408"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Siemens SCALANCE X414: All versions",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SCALANCE X414"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Siemens SIMATIC RF182C: All versions",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "SIMATIC RF182C"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-4833",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Use static IP addresses instead of DHCP",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Apply cell protection concept: https://www.siemens.com/cert/operational-guidelines-industrial-security",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "Apply Defense-in-Depth: https://www.siemens.com/cert/operational-guidelines-industrial-security",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "mitigation",
"details": "For SIMATIC RF182C and RFID 181EIP: migrate to a successor product within the SIMATIC RF18xC/CI family, V1.3 or later version. For details refer to the phase-out announcement.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2 https://support.industry.siemens.com/cs/ww/en/view/109762466 ",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.3 https://support.industry.siemens.com/cs/ww/en/view/109758142",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.4.1 https://support.industry.siemens.com/cs/ww/en/view/109758144",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.2.6 https://support.industry.siemens.com/cs/ww/en/view/109767359",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.1.3 https://support.industry.siemens.com/cs/document/109773547",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0007"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009"
]
}
],
"title": "CVE-2018-4833"
}
]
}
VAR-201806-1777
Vulnerability from variot - Updated: 2024-11-23 21:38A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. plural Siemens The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SCALANCE X-204RNA Industrial Ethernet network access point enables the connection of non-PRP terminal devices. The RUGGEDDCOM WiMAX product line offers a dedicated wireless WAN solution. The RFID 181-EIP is an RFID communication module for Ethernet/IP that connects two serial SIMATIC identification readers to an Ethernet/IP scanner. The SIMATIC RF182C is an RFID communication module for Ethernet TCP/IP and XML for connecting two serial SIMAITC identification readers to a PC or other programmable device that can communicate via Ethernet TCP/IP and XML. Multiple SIEMENS product heap overflow vulnerabilities. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens RFID 181-EIP, etc. are all products of Germany's Siemens (Siemens). SCALANCE X-200 is an industrial grade Ethernet switch product. The following products and versions are affected: Siemens RFID 181-EIP; RUGGEDCOM WiMAX Version 4.4, Version 4.5; SCALANCE X-200 up to 5.2.3; SCALANCE X-200 IRT up to 5.4.1; SCALANCE X-204RNA; SCALANCE X- 300; SCALANCE X408; SCALANCE X414; SIMATIC RF182C
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1777",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom wimax",
"scope": "eq",
"trust": 2.7,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "ruggedcom wimax",
"scope": "eq",
"trust": 2.7,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "scalance x200",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "5.2.3"
},
{
"model": "rfid 181-eip",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x300",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x408",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x414",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x204rna",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "rfid 181-eip",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "simatic rf182c",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200irt",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.4.1"
},
{
"model": "scalance x-300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x200 irt",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "5.4.1"
},
{
"model": "scalance x204rna",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x408",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance x414",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x408"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x414"
},
{
"model": "scalance irt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200\u003c5.4.1"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200\u003c5.2.3"
},
{
"model": "ruggedcom wimax",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.4"
},
{
"model": "ruggedcom wimax",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.5"
},
{
"model": "scalance x-204rna",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-300"
},
{
"model": "scalance x200irt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5.1.0"
},
{
"model": "scalance x200irt",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5.0.0"
},
{
"model": "simatic rf182c",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4140"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x4080"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-3000"
},
{
"model": "scalance x-204rna",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance irt",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2000"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2000"
},
{
"model": "rfid 181-eip",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance irt",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2005.4.1"
},
{
"model": "scalance",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "x-2005.2.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rfid 181 eip",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom wimax",
"version": "4.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ruggedcom wimax",
"version": "4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x200irt",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x204rna",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x300",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x408",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scalance x414",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic rf182c",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siemens:rfid_181-eip_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:ruggedcom_wimax_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:scalance_x-300_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200irt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x204rna_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x408_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:scalance_x414_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:siemens:simatic_rf182c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr. Ang Cui and Joseph Pantoga from Red Balloon",
"sources": [
{
"db": "BID",
"id": "104482"
}
],
"trust": 0.3
},
"cve": "CVE-2018-4833",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-4833",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-11400",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-134864",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-4833",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-4833",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-4833",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11400",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-876",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134864",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "VULHUB",
"id": "VHN-134864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.4.1), SCALANCE X-200RNA switch family (All versions \u003c V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions \u003c V4.1.3), SCALANCE X408 (All versions \u003c V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u0027s DHCP request. plural Siemens The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SCALANCE X-204RNA Industrial Ethernet network access point enables the connection of non-PRP terminal devices. The RUGGEDDCOM WiMAX product line offers a dedicated wireless WAN solution. The RFID 181-EIP is an RFID communication module for Ethernet/IP that connects two serial SIMATIC identification readers to an Ethernet/IP scanner. The SIMATIC RF182C is an RFID communication module for Ethernet TCP/IP and XML for connecting two serial SIMAITC identification readers to a PC or other programmable device that can communicate via Ethernet TCP/IP and XML. Multiple SIEMENS product heap overflow vulnerabilities. \nAn attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens RFID 181-EIP, etc. are all products of Germany\u0027s Siemens (Siemens). SCALANCE X-200 is an industrial grade Ethernet switch product. The following products and versions are affected: Siemens RFID 181-EIP; RUGGEDCOM WiMAX Version 4.4, Version 4.5; SCALANCE X-200 up to 5.2.3; SCALANCE X-200 IRT up to 5.4.1; SCALANCE X-204RNA; SCALANCE X- 300; SCALANCE X408; SCALANCE X414; SIMATIC RF182C",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4833"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-134864"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4833",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-181018",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-165-01",
"trust": 1.7
},
{
"db": "BID",
"id": "104482",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2018-11400",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F3A541-39AB-11E9-815A-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-134864",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "VULHUB",
"id": "VHN-134864"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"id": "VAR-201806-1777",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "VULHUB",
"id": "VHN-134864"
}
],
"trust": 1.50166285
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
}
]
},
"last_update_date": "2024-11-23T21:38:46.825000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-181018",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"title": "Patches for multiple SIEMENS product heap overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/131863"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80924"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-122",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-165-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4833"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4833"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-18-165-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-165-01"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "VULHUB",
"id": "VHN-134864"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"db": "VULHUB",
"id": "VHN-134864"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-13T00:00:00",
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"date": "2018-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-134864"
},
{
"date": "2018-06-14T00:00:00",
"db": "BID",
"id": "104482"
},
{
"date": "2018-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"date": "2018-06-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"date": "2018-06-14T16:29:00.333000",
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11400"
},
{
"date": "2020-01-16T00:00:00",
"db": "VULHUB",
"id": "VHN-134864"
},
{
"date": "2018-06-14T00:00:00",
"db": "BID",
"id": "104482"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006612"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-876"
},
{
"date": "2024-11-21T04:07:32.737000",
"db": "NVD",
"id": "CVE-2018-4833"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006612"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e2f3a541-39ab-11e9-815a-000c29342cb1"
},
{
"db": "BID",
"id": "104482"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-876"
}
],
"trust": 1.1
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…