ID

VAR-201204-0125


CVE

CVE-2012-1800


TITLE

Siemens Scalance S Security Module firewall Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201204-415

DESCRIPTION

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame.

The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The web configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay after a failed login, allowing an attacker to try a large number of passwords in a short period of time and perform brute-force attacks. The following devices are affected by this vulnerability:

* Scalance S602 V2
* Scalance S612 V2
* Scalance S613 V2

An error in the handling of the Profinet DCP protocol allows a specially crafted DCP frame to make the firewall unresponsive or interrupt an established VPN tunnel. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute-force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. There was an error in the Profinet DCP protocol processing.

TITLE: Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID: SA48680
VERIFY ADVISORY: http://secunia.com/advisories/48680/
RELEASE DATE: 2012-04-06
DESCRIPTION: A vulnerability and a weakness have been reported in Siemens Scalance Firewall, which can be exploited by malicious people to conduct brute-force attacks or cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State University.
ORIGINAL ADVISORY: Siemens SSA-268149: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 4.59

sources: NVD: CVE-2012-1800 // JVNDB: JVNDB-2012-002097 // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // BID: 52923 // IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // VULHUB: VHN-55081 // PACKETSTORM: 111646

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.8

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499

AFFECTED PRODUCTS

vendor: siemens, model: scalance s602, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s612, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s613, scope: eq, version: v2

Trust: 2.0

vendor: siemens, model: scalance s, scope: eq, version: 2.2.0

Trust: 1.8

vendor: siemens, model: scalance s, scope: eq, version: 2.1.0

Trust: 1.8

vendor: siemens, model: scalance firewall s613, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance firewall s612, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance firewall s602, scope: eq, version: v2

Trust: 1.3

vendor: siemens, model: scalance s security modules, scope: -, version: -

Trust: 1.2

vendor: siemens, model: scalance s, scope: lte, version: 2.3.0

Trust: 1.0

vendor: siemens, model: scalance s, scope: eq, version: 2.3.0

Trust: 0.8

vendor: siemens, model: scalance s, scope: lt, version: 2.3.0.3

Trust: 0.8

vendor: siemens, model: scalance s security modules null, scope: eq, version: *

Trust: 0.4

vendor: siemens, model: scalance s602, scope: eq, version: v2<2.3.0.3

Trust: 0.2

vendor: siemens, model: scalance s612, scope: eq, version: v2<2.3.0.3

Trust: 0.2

vendor: siemens, model: scalance s613, scope: eq, version: v2<2.3.0.3

Trust: 0.2

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // BID: 52923 // JVNDB: JVNDB-2012-002097 // CNNVD: CNNVD-201204-415 // NVD: CVE-2012-1800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1800
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-1800
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-9499
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201204-415
value: MEDIUM

Trust: 0.6

IVD: f0a992b0-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-55081
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-1800
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-9499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f0a992b0-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

VULHUB: VHN-55081
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9499 // VULHUB: VHN-55081 // JVNDB: JVNDB-2012-002097 // CNNVD: CNNVD-201204-415 // NVD: CVE-2012-1800

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-55081 // JVNDB: JVNDB-2012-002097 // NVD: CVE-2012-1800

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201204-415

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // CNNVD: CNNVD-201204-415

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002097

PATCH

title: Firmware update V2.3.0.3 for SCALANCE S, url: http://support.automation.siemens.com/WW/view/en/59869684

Trust: 0.8

title: SSA-268149, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Siemens Scalance Firewall patch for brute force vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/15452

Trust: 0.6

title: Siemens Scalance Firewall denial of service vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/15471

Trust: 0.6

title: Siemens Scalance Firewall patch for two security vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/33804

Trust: 0.6

title: S6xxV2303, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42986

Trust: 0.6

sources: CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // JVNDB: JVNDB-2012-002097 // CNNVD: CNNVD-201204-415

EXTERNAL IDS

db: NVD, id: CVE-2012-1800

Trust: 2.7

db: ICS CERT, id: ICSA-12-102-05

Trust: 2.5

db: SIEMENS, id: SSA-268149

Trust: 2.1

db: SECUNIA, id: 48680

Trust: 2.0

db: OSVDB, id: 81034

Trust: 1.1

db: CNVD, id: CNVD-2012-9499

Trust: 1.0

db: CNNVD, id: CNNVD-201204-415

Trust: 0.9

db: BID, id: 52923

Trust: 0.9

db: CNVD, id: CNVD-2012-1796

Trust: 0.8

db: CNVD, id: CNVD-2012-1797

Trust: 0.8

db: JVNDB, id: JVNDB-2012-002097

Trust: 0.8

db: IVD, id: F0A992B0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 7D7849EE-463F-11E9-A2E5-000C29342CB1

Trust: 0.2

db: IVD, id: 3715CBC8-1F6D-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: AAF0F00A-1F6C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: BEE18EBC-1F6C-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-55081

Trust: 0.1

db: PACKETSTORM, id: 111646

Trust: 0.1

sources: IVD: f0a992b0-2353-11e6-abef-000c29c66e3d // IVD: 7d7849ee-463f-11e9-a2e5-000c29342cb1 // IVD: 3715cbc8-1f6d-11e6-abef-000c29c66e3d // IVD: aaf0f00a-1f6c-11e6-abef-000c29c66e3d // IVD: bee18ebc-1f6c-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // VULHUB: VHN-55081 // BID: 52923 // JVNDB: JVNDB-2012-002097 // PACKETSTORM: 111646 // CNNVD: CNNVD-201204-415 // NVD: CVE-2012-1800

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-102-05.pdf

Trust: 2.5

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf

Trust: 2.1

url:http://secunia.com/advisories/48680/

Trust: 1.9

url:http://support.automation.siemens.com/ww/view/en/59869684

Trust: 1.7

url:http://osvdb.org/81034

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1800

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1800

Trust: 0.8

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-2

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/48680/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48680

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-1796 // CNVD: CNVD-2012-1797 // CNVD: CNVD-2012-9499 // VULHUB: VHN-55081 // BID: 52923 // JVNDB: JVNDB-2012-002097 // PACKETSTORM: 111646 // CNNVD: CNNVD-201204-415 // NVD: CVE-2012-1800

CREDITS

Adam Hahn and Manimaran Govindarasu of Iowa State University

Trust: 0.3

sources: BID: 52923

SOURCES

db: IVD, id: f0a992b0-2353-11e6-abef-000c29c66e3d
db: IVD, id: 7d7849ee-463f-11e9-a2e5-000c29342cb1
db: IVD, id: 3715cbc8-1f6d-11e6-abef-000c29c66e3d
db: IVD, id: aaf0f00a-1f6c-11e6-abef-000c29c66e3d
db: IVD, id: bee18ebc-1f6c-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-1796
db: CNVD, id: CNVD-2012-1797
db: CNVD, id: CNVD-2012-9499
db: VULHUB, id: VHN-55081
db: BID, id: 52923
db: JVNDB, id: JVNDB-2012-002097
db: PACKETSTORM, id: 111646
db: CNNVD, id: CNNVD-201204-415
db: NVD, id: CVE-2012-1800

LAST UPDATE DATE

2024-08-14T13:58:39.498000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-1796, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1797, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-9499, date: 2014-02-17T00:00:00
db: VULHUB, id: VHN-55081, date: 2012-11-20T00:00:00
db: BID, id: 52923, date: 2012-04-05T00:00:00
db: JVNDB, id: JVNDB-2012-002097, date: 2012-04-19T00:00:00
db: CNNVD, id: CNNVD-201204-415, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2012-1800, date: 2012-11-20T04:44:07.500

SOURCES RELEASE DATE

db: IVD, id: f0a992b0-2353-11e6-abef-000c29c66e3d, date: 2012-04-19T00:00:00
db: IVD, id: 7d7849ee-463f-11e9-a2e5-000c29342cb1, date: 2014-02-17T00:00:00
db: IVD, id: 3715cbc8-1f6d-11e6-abef-000c29c66e3d, date: 2014-02-17T00:00:00
db: IVD, id: aaf0f00a-1f6c-11e6-abef-000c29c66e3d, date: 2012-04-10T00:00:00
db: IVD, id: bee18ebc-1f6c-11e6-abef-000c29c66e3d, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1796, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-1797, date: 2012-04-10T00:00:00
db: CNVD, id: CNVD-2012-9499, date: 2012-04-06T00:00:00
db: VULHUB, id: VHN-55081, date: 2012-04-18T00:00:00
db: BID, id: 52923, date: 2012-04-05T00:00:00
db: JVNDB, id: JVNDB-2012-002097, date: 2012-04-19T00:00:00
db: PACKETSTORM, id: 111646, date: 2012-04-06T04:58:59
db: CNNVD, id: CNNVD-201204-415, date: 2012-04-19T00:00:00
db: NVD, id: CVE-2012-1800, date: 2012-04-18T10:33:34.933