ID

VAR-201204-0124


CVE

CVE-2012-1799


TITLE

Siemens Scalance Firewall Brute Force Vulnerability

Trust: 0.8

sources: IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796

DESCRIPTION

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute-force attacks. The following devices are affected by this vulnerability:

* Scalance S602 V2
* Scalance S612 V2
* Scalance S613 V2

An error in the handling of the Profinet DCP protocol allows a specially crafted DCP frame to make the firewall unresponsive or interrupt an established VPN tunnel. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute-force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. The brute-force vulnerability is due to the unlimited number of authentication attempts.

TITLE: Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID: SA48680
VERIFY ADVISORY: http://secunia.com/advisories/48680/
RELEASE DATE: 2012-04-06
DESCRIPTION: A vulnerability and a weakness have been reported in Siemens Scalance Firewall, which can be exploited by malicious people to conduct brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State University.
ORIGINAL ADVISORY: Siemens SSA-268149: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 4.59

sources: NVD: CVE-2012-1799 // JVNDB: JVNDB-2012-002096 // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // BID: 52923 // IVD: f0b75d64-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // VULHUB: VHN-55080 // PACKETSTORM: 111646

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.8

sources: IVD: f0b75d64-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499

AFFECTED PRODUCTS

vendor: siemens, model: scalance s602, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s612, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s613, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s, scope: eq, version: 2.2.0

Trust: 1.8

vendor: siemens, model: scalance s, scope: eq, version: 2.1.0

Trust: 1.8

vendor: siemens, model: scalance firewall s613, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance firewall s612, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance firewall s602, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance s security modules, scope: -, version: -

Trust: 1.2

vendor: siemens, model: scalance s, scope: lte, version: 2.3.0

Trust: 1.0

vendor: siemens, model: scalance s, scope: eq, version: 2.3.0

Trust: 0.8

vendor: siemens, model: scalance s, scope: lt, version: 2.3.0.3

Trust: 0.8

vendor: siemens, model: scalance s security modules null, scope: eq, version: *

Trust: 0.4

vendor: siemens, model: scalance s602, scope: eq, version: v2<2.3.0.3

Trust: 0.2

vendor: siemens, model: scalance s612, scope: eq, version: v2<2.3.0.3

Trust: 0.2

vendor: siemens, model: scalance s613, scope: eq, version: v2<2.3.0.3

Trust: 0.2

sources: IVD: f0b75d64-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // BID: 52923 // JVNDB: JVNDB-2012-002096 // CNNVD: CNNVD-201204-414 // NVD: CVE-2012-1799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1799
value: HIGH

Trust: 1.0

NVD: CVE-2012-1799
value: HIGH

Trust: 0.8

CNVD: CNVD-2012-9499
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201204-414
value: CRITICAL

Trust: 0.6

IVD: f0b75d64-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-55080
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-1799
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-9499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f0b75d64-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

VULHUB: VHN-55080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: f0b75d64-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9499 // VULHUB: VHN-55080 // JVNDB: JVNDB-2012-002096 // CNNVD: CNNVD-201204-414 // NVD: CVE-2012-1799

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-55080 // JVNDB: JVNDB-2012-002096 // NVD: CVE-2012-1799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-414

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201204-414

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002096

PATCH

title: Firmware update V2.3.0.3 for SCALANCE S, url: http://support.automation.siemens.com/WW/view/en/59869684

Trust: 0.8

title: SSA-268149, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Siemens Scalance Firewall patch for brute force vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/15452

Trust: 0.6

title: Siemens Scalance Firewall denial of service vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/15471

Trust: 0.6

title: Siemens Scalance Firewall patch for two security vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/33804

Trust: 0.6

title: S6xxV2303, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42986

Trust: 0.6

sources: CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // JVNDB: JVNDB-2012-002096 // CNNVD: CNNVD-201204-414

EXTERNAL IDS

db: NVD, id: CVE-2012-1799

Trust: 2.7

db: ICS CERT, id: ICSA-12-102-05

Trust: 2.5

db: SIEMENS, id: SSA-268149

Trust: 2.1

db: SECUNIA, id: 48680

Trust: 2.0

db: OSVDB, id: 81033

Trust: 1.1

db: CNVD, id: CNVD-2012-9499

Trust: 1.0

db: CNNVD, id: CNNVD-201204-414

Trust: 0.9

db: BID, id: 52923

Trust: 0.9

db: CNVD, id: CNVD-2012-1796

Trust: 0.8

db: CNVD, id: CNVD-2012-1797

Trust: 0.8

db: JVNDB, id: JVNDB-2012-002096

Trust: 0.8

db: IVD, id: F0B75D64-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 7D7849EE-463F-11E9-A2E5-000C29342CB1

Trust: 0.2

db: IVD, id: 3715CBC8-1F6D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: AAF0F00A-1F6C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: BEE18EBC-1F6C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-55080

Trust: 0.1

db: PACKETSTORM, id: 111646

Trust: 0.1

sources: IVD: f0b75d64-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // VULHUB: VHN-55080 // BID: 52923 // JVNDB: JVNDB-2012-002096 // PACKETSTORM: 111646 // CNNVD: CNNVD-201204-414 // NVD: CVE-2012-1799

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-102-05.pdf

Trust: 2.5

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 2.1

url:http://secunia.com/advisories/48680/

Trust: 1.9

url:http://support.automation.siemens.com/ww/view/en/59869684

Trust: 1.7

url:http://osvdb.org/81033

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1799

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1799

Trust: 0.8

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-2

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/48680/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48680

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // VULHUB: VHN-55080 // BID: 52923 // JVNDB: JVNDB-2012-002096 // PACKETSTORM: 111646 // CNNVD: CNNVD-201204-414 // NVD: CVE-2012-1799

CREDITS

Adam Hahn and Manimaran Govindarasu of Iowa State University

Trust: 0.3

sources: BID: 52923

SOURCES

db: IVD, id: f0b75d64-2353-11e6-abef-000c29c66e3d
db: IVD, id: 7d7849ee-463f-11e9-a2e5-000c29342cb1
db: IVD, id: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
db: IVD, id: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
db: IVD, id: bee18ebc-1f6c-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-1796
db: CNVD, id: CNVD-2012-1797
db: CNVD, id: CNVD-2012-9499
db: VULHUB, id: VHN-55080
db: BID, id: 52923
db: JVNDB, id: JVNDB-2012-002096
db: PACKETSTORM, id: 111646
db: CNNVD, id: CNNVD-201204-414
db: NVD, id: CVE-2012-1799

LAST UPDATE DATE

2024-08-14T13:58:39.423000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1796, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1797, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-9499, date: 2014-02-17T00:00:00
db: VULHUB, id: VHN-55080, date: 2012-12-06T00:00:00
db: BID, id: 52923, date: 2012-04-05T00:00:00
db: JVNDB, id: JVNDB-2012-002096, date: 2012-04-19T00:00:00
db: CNNVD, id: CNNVD-201204-414, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2012-1799, date: 2012-12-06T04:18:02.030

SOURCES RELEASE DATE

db: IVD, id: f0b75d64-2353-11e6-abef-000c29c66e3d, date: 2012-04-19T00:00:00
db: IVD, id: 7d7849ee-463f-11e9-a2e5-000c29342cb1, date: 2014-02-17T00:00:00
db: IVD, id: 3715cbc8-1f6d-11e6-abef-000c29c66e3d, date: 2014-02-17T00:00:00
db: IVD, id: aaf0f00a-1f6c-11e6-abef-000c29c66e3d, date: 2012-04-10T00:00:00
db: IVD, id: bee18ebc-1f6c-11e6-abef-000c29c66e3d, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1796, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1797, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-9499, date: 2012-04-06T00:00:00
db: VULHUB, id: VHN-55080, date: 2012-04-18T00:00:00
db: BID, id: 52923, date: 2012-04-05T00:00:00
db: JVNDB, id: JVNDB-2012-002096, date: 2012-04-19T00:00:00
db: PACKETSTORM, id: 111646, date: 2012-04-06T04:58:59
db: CNNVD, id: CNNVD-201204-414, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2012-1799, date: 2012-04-18T10:33:34.887