ID

VAR-201202-0049


CVE

CVE-2011-4514


TITLE

plural Siemens Product TELNET Access vulnerability in daemon

Trust: 0.8

sources: JVNDB: JVNDB-2012-001316

DESCRIPTION

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. plural Siemens Product TELNET Since the daemon does not authenticate, there is a vulnerability that allows easy access.By a third party TCP Access can easily be gained through a session. Siemens SIMATIC is an automation software in a single engineering environment. SIMATIC panels include the Telnet daemon by default, but the daemon does not implement any validation features. A vulnerability exists in several versions of Siemens SIMATIC WinCC due to the failure of the TELNET daemon to perform authentication. A remote attacker could use this vulnerability to gain access through a TCP session

Trust: 2.43

sources: NVD: CVE-2011-4514 // JVNDB: JVNDB-2012-001316 // CNVD: CNVD-2012-0464 // IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52459

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0464

AFFECTED PRODUCTS

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mp

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:op

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:tp

Trust: 2.4

vendor:siemensmodel:wincc flexiblescope:eqversion:2008

Trust: 1.6

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort_panels

Trust: 1.6

vendor:siemensmodel:wincc runtime advancedscope:eqversion:v11

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:v11

Trust: 1.6

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile_panels

Trust: 1.6

vendor:siemensmodel:wincc flexiblescope:eqversion:2007

Trust: 1.6

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2005

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2004

Trust: 1.4

vendor:siemensmodel:simatic winccscope:eqversion:v11

Trust: 1.4

vendor:siemensmodel:wincc flexiblescope:eqversion:2004

Trust: 1.0

vendor:siemensmodel:wincc flexible runtimescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:wincc flexiblescope:eqversion:2005

Trust: 1.0

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort panels

Trust: 0.8

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile panels

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible rumtimescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:v11

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic hmi panelsscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.6

vendor:siemensmodel:wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:wincc flexiblemodel: - scope:eqversion:2004

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2005

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2007

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2008

Trust: 0.2

vendor:winccmodel: - scope:eqversion:v11

Trust: 0.2

vendor:simatic hmi panelsmodel:comfort panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mobile panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mpscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:opscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:tpscope: - version: -

Trust: 0.2

vendor:wincc runtime advancedmodel: - scope:eqversion:v11

Trust: 0.2

vendor:wincc flexible runtimemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0464 // JVNDB: JVNDB-2012-001316 // CNNVD: CNNVD-201202-089 // NVD: CVE-2011-4514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4514
value: HIGH

Trust: 1.0

NVD: CVE-2011-4514
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201202-089
value: CRITICAL

Trust: 0.6

IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-52459
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4514
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52459
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52459 // JVNDB: JVNDB-2012-001316 // CNNVD: CNNVD-201202-089 // NVD: CVE-2011-4514

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-52459 // JVNDB: JVNDB-2012-001316 // NVD: CVE-2011-4514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-089

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201202-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001316

PATCH

title:SSA-345442url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 0.8

title:ソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:Top Pageurl:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC HMI Telnet Vulnerability (CNVD-2012-0464)url:https://www.cnvd.org.cn/patchInfo/show/9062

Trust: 0.6

sources: CNVD: CNVD-2012-0464 // JVNDB: JVNDB-2012-001316

EXTERNAL IDS

db:NVDid:CVE-2011-4514

Trust: 3.3

db:ICS CERTid:ICSA-12-030-01

Trust: 3.1

db:SIEMENSid:SSA-345442

Trust: 1.7

db:CNNVDid:CNNVD-201202-089

Trust: 0.9

db:CNVDid:CNVD-2012-0464

Trust: 0.8

db:JVNDBid:JVNDB-2012-001316

Trust: 0.8

db:IVDid:28D0CA64-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-52459

Trust: 0.1

sources: IVD: 28d0ca64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0464 // VULHUB: VHN-52459 // JVNDB: JVNDB-2012-001316 // CNNVD: CNNVD-201202-089 // NVD: CVE-2011-4514

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf

Trust: 3.1

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4514

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4514

Trust: 0.8

sources: CNVD: CNVD-2012-0464 // VULHUB: VHN-52459 // JVNDB: JVNDB-2012-001316 // CNNVD: CNNVD-201202-089 // NVD: CVE-2011-4514

SOURCES

db:IVDid:28d0ca64-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0464
db:VULHUBid:VHN-52459
db:JVNDBid:JVNDB-2012-001316
db:CNNVDid:CNNVD-201202-089
db:NVDid:CVE-2011-4514

LAST UPDATE DATE

2024-11-23T21:46:29.740000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0464date:2012-02-07T00:00:00
db:VULHUBid:VHN-52459date:2012-02-06T00:00:00
db:JVNDBid:JVNDB-2012-001316date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-089date:2012-02-07T00:00:00
db:NVDid:CVE-2011-4514date:2024-11-21T01:32:27.483

SOURCES RELEASE DATE

db:IVDid:28d0ca64-2354-11e6-abef-000c29c66e3ddate:2012-02-07T00:00:00
db:CNVDid:CNVD-2012-0464date:2012-02-07T00:00:00
db:VULHUBid:VHN-52459date:2012-02-03T00:00:00
db:JVNDBid:JVNDB-2012-001316date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-089date:2012-02-07T00:00:00
db:NVDid:CVE-2011-4514date:2012-02-03T20:55:01.577