Details of VAR-201007-0198

ID

VAR-201007-0198

CVE

CVE-2010-2772

TITLE

Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability

Trust: 1.3

sources: IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1369 // BID: 41753

DESCRIPTION

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The Siemens SIMATIC WinCC data uses the built-in user name and password and does not inform the user that it needs to be modified. An attacker can use this information to read database data or inject code into a database. Siemens SIMATIC WinCC is affected by a vulnerability that allows attackers to bypass security. Successfully exploiting this issue may lead to further attacks. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Siemens SIMATIC WinCC Undocumented Database User Account SECUNIA ADVISORY ID: SA40682 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40682 RELEASE DATE: 2010-07-24 DISCUSS ADVISORY: http://secunia.com/advisories/40682/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40682/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40682 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to gain unauthorised access. SOLUTION: Restrict network access to the database to trusted users only. PROVIDED AND/OR DISCOVERED BY: Discovered in the wild. ORIGINAL ADVISORY: http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22 http://www.f-secure.com/weblog/archives/00001987.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.24

sources: NVD: CVE-2010-2772 // JVNDB: JVNDB-2010-001829 // CNVD: CNVD-2010-1369 // BID: 41753 // IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // VULHUB: VHN-45377 // VULMON: CVE-2010-2772 // PACKETSTORM: 92130

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1369

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc	scope:	eq	version:	6.2	Trust: 2.5
vendor:	siemens	model:	simatic pcs 7	scope:	eq	version:	6.0	Trust: 1.6
vendor:	siemens	model:	simatic pcs 7	scope:	eq	version:	6.1	Trust: 1.6
vendor:	siemens	model:	simatic pcs 7	scope:	eq	version:	7.1	Trust: 1.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.0	Trust: 1.6
vendor:	siemens	model:	simatic pcs 7	scope:	eq	version:	7.0	Trust: 1.6
vendor:	simatic pcs 7	model:	-	scope:	eq	version:	7.0	Trust: 1.2
vendor:	simatic pcs 7	model:	-	scope:	eq	version:	7.1	Trust: 1.2
vendor:	シーメンス	model:	simatic wincc	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	simatic pcs 7	scope:	-	version:	-	Trust: 0.8
vendor:	simatic wincc	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	simatic wincc	model:	-	scope:	eq	version:	6.2	Trust: 0.6
vendor:	simatic wincc	model:	-	scope:	eq	version:	7.0	Trust: 0.6
vendor:	simatic pcs 7	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	simatic pcs 7	model:	-	scope:	eq	version:	6.0	Trust: 0.6
vendor:	simatic pcs 7	model:	-	scope:	eq	version:	6.1	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic pcs 7	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	0	Trust: 0.3

sources: IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1369 // BID: 41753 // JVNDB: JVNDB-2010-001829 // CNNVD: CNNVD-201007-241 // NVD: CVE-2010-2772

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2772
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-2772
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201007-241
value:	MEDIUM
Trust: 0.6
IVD:	06a89dde-2356-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d70cfdf-463f-11e9-ad83-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	407e95f0-1fb3-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-45377
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2010-2772
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-2772
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IVD:	06a89dde-2356-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d70cfdf-463f-11e9-ad83-000c29342cb1
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	407e95f0-1fb3-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-45377
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2010-2772
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2010-2772
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // VULHUB: VHN-45377 // VULMON: CVE-2010-2772 // JVNDB: JVNDB-2010-001829 // CNNVD: CNNVD-201007-241 // NVD: CVE-2010-2772

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	Use hard-coded credentials (CWE-798) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-255	Trust: 0.1

sources: VULHUB: VHN-45377 // JVNDB: JVNDB-2010-001829 // NVD: CVE-2010-2772

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201007-241

TYPE

Trust management

Trust: 1.2

sources: IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201007-241

PATCH

title:	Product Support	url:	http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&aktprim=0&siteid=cseus&lang=en&siteid=cseus&groupid=4000003&groupid=4000003&groupid=4000003&extranet=standard&viewreg=WW&nodeid0=10805583	Trust: 0.8
title:	Siemens SIMATIC WinCC default password security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/81338	Trust: 0.6
title:	win32-stuxnet	url:	https://github.com/uraninite/win32-stuxnet	Trust: 0.1
title:	welivesecurity	url:	https://www.welivesecurity.com/2016/06/07/infrastructure-attacks-next-generation/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112/77299/	Trust: 0.1

sources: CNVD: CNVD-2010-1369 // VULMON: CVE-2010-2772 // JVNDB: JVNDB-2010-001829

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2772	Trust: 4.3
db:	BID	id:	41753	Trust: 2.9
db:	SECUNIA	id:	40682	Trust: 2.1
db:	ICS CERT	id:	ICSA-12-205-01	Trust: 2.0
db:	VUPEN	id:	ADV-2010-1893	Trust: 1.9
db:	CNNVD	id:	CNNVD-201007-241	Trust: 1.3
db:	CNVD	id:	CNVD-2010-1369	Trust: 1.0
db:	XF	id:	60587	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-001829	Trust: 0.8
db:	IVD	id:	06A89DDE-2356-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D70CFDF-463F-11E9-AD83-000C29342CB1	Trust: 0.2
db:	IVD	id:	407E95F0-1FB3-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-45377	Trust: 0.1
db:	VUPEN	id:	2010/1893	Trust: 0.1
db:	VULMON	id:	CVE-2010-2772	Trust: 0.1
db:	PACKETSTORM	id:	92130	Trust: 0.1

sources: IVD: 06a89dde-2356-11e6-abef-000c29c66e3d // IVD: 7d70cfdf-463f-11e9-ad83-000c29342cb1 // IVD: 407e95f0-1fb3-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-1369 // VULHUB: VHN-45377 // VULMON: CVE-2010-2772 // BID: 41753 // JVNDB: JVNDB-2010-001829 // PACKETSTORM: 92130 // CNNVD: CNNVD-201007-241 // NVD: CVE-2010-2772

REFERENCES

url:	http://www.securityfocus.com/bid/41753	Trust: 2.0
url:	http://ics-cert.us-cert.gov/advisories/icsa-12-205-01	Trust: 2.0
url:	http://secunia.com/advisories/40682	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2010/1893	Trust: 2.0
url:	http://www.sea.siemens.com/us/news/industrial/pages/wincc_update.aspx	Trust: 1.8
url:	http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725	Trust: 1.8
url:	http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr	Trust: 1.8
url:	http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/	Trust: 1.8
url:	http://www.wired.com/threatlevel/2010/07/siemens-scada/	Trust: 1.8
url:	http://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127&16127&language=en&pageindex=1	Trust: 1.7
url:	http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c	Trust: 1.4
url:	http://www.f-secure.com/weblog/archives/00001987.html	Trust: 1.3
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/60587	Trust: 1.2
url:	http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22	Trust: 1.2
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2772	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/60587	Trust: 0.8
url:	http://it.slashdot.org/comments.pl?sid=1721020	Trust: 0.6
url:	http://it.slashdot.org/comments.pl?sid=1721020&cid=32920758	Trust: 0.3
url:	http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx	Trust: 0.3
url:	https://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127&language=en&pageindex=2	Trust: 0.3
url:	http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c	Trust: 0.1
url:	http://www.automation.siemens.com/forum/guests/postshow.aspx?postid=16127&16127&language=en&pageindex=1	Trust: 0.1
url:	http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.1
url:	https://github.com/uraninite/win32-stuxnet	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=20969	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112/77299/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=40682	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/40682/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/40682/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/gfx/pdf/secunia_half_year_report_2010.pdf	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-1369 // VULHUB: VHN-45377 // VULMON: CVE-2010-2772 // BID: 41753 // JVNDB: JVNDB-2010-001829 // PACKETSTORM: 92130 // CNNVD: CNNVD-201007-241 // NVD: CVE-2010-2772

CREDITS

Siemens

Trust: 0.3

sources: BID: 41753

SOURCES

db:	IVD	id:	06a89dde-2356-11e6-abef-000c29c66e3d
db:	IVD	id:	7d70cfdf-463f-11e9-ad83-000c29342cb1
db:	IVD	id:	407e95f0-1fb3-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2010-1369
db:	VULHUB	id:	VHN-45377
db:	VULMON	id:	CVE-2010-2772
db:	BID	id:	41753
db:	JVNDB	id:	JVNDB-2010-001829
db:	PACKETSTORM	id:	92130
db:	CNNVD	id:	CNNVD-201007-241
db:	NVD	id:	CVE-2010-2772

LAST UPDATE DATE

2024-08-14T14:21:44.737000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-1369	date:	2016-09-13T00:00:00
db:	VULHUB	id:	VHN-45377	date:	2017-08-17T00:00:00
db:	VULMON	id:	CVE-2010-2772	date:	2017-08-17T00:00:00
db:	BID	id:	41753	date:	2015-03-19T09:27:00
db:	JVNDB	id:	JVNDB-2010-001829	date:	2024-03-01T04:05:00
db:	CNNVD	id:	CNNVD-201007-241	date:	2010-07-23T00:00:00
db:	NVD	id:	CVE-2010-2772	date:	2024-02-13T16:44:42.830

SOURCES RELEASE DATE

db:	IVD	id:	06a89dde-2356-11e6-abef-000c29c66e3d	date:	2010-07-23T00:00:00
db:	IVD	id:	7d70cfdf-463f-11e9-ad83-000c29342cb1	date:	2010-07-18T00:00:00
db:	IVD	id:	407e95f0-1fb3-11e6-abef-000c29c66e3d	date:	2010-07-18T00:00:00
db:	CNVD	id:	CNVD-2010-1369	date:	2010-07-18T00:00:00
db:	VULHUB	id:	VHN-45377	date:	2010-07-22T00:00:00
db:	VULMON	id:	CVE-2010-2772	date:	2010-07-22T00:00:00
db:	BID	id:	41753	date:	2010-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2010-001829	date:	2010-08-16T00:00:00
db:	PACKETSTORM	id:	92130	date:	2010-07-26T12:08:47
db:	CNNVD	id:	CNNVD-201007-241	date:	2010-07-23T00:00:00
db:	NVD	id:	CVE-2010-2772	date:	2010-07-22T05:43:58.250