ID

VAR-201207-0136


CVE

CVE-2012-3015


TITLE

Siemens SIMATIC PCS7 used in SIMATIC STEP7 vulnerable to privilege escalation

Trust: 0.8

sources: JVNDB: JVNDB-2012-003410

DESCRIPTION

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. Siemens SIMATIC is automation software in a single engineering environment. Siemens SIMATIC STEP 7 and PCS 7 load library files insecurely. Attackers can build specially crafted project files, place them on remote WebDAV or SMB shares, entice users to open them, and execute arbitrary code in the application context. Multiple Siemens SIMATIC products are prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file. Successful exploits will compromise the application in the context of the currently logged-in user. The following Siemens SIMATIC products are vulnerable: Siemens SIMATIC PCS 7 versions 7.1 SP3 and prior; Siemens SIMATIC STEP 7 versions prior to 5.5 SP1. There are vulnerabilities in Siemens SIMATIC STEP 7 and PCS 7 that can be exploited by malicious attackers to manipulate users' systems.

TITLE: Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability

SECUNIA ADVISORY ID: SA50039

VERIFY ADVISORY: http://secunia.com/advisories/50039/

RELEASE DATE: 2012-07-24

DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the application loading libraries in an insecure manner.

SOLUTION: Update to version 5.5 SP1 or apply Service Pack.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

Trust: 2.79

sources: NVD: CVE-2012-3015 // JVNDB: JVNDB-2012-003410 // CNVD: CNVD-2012-3897 // BID: 54651 // IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56296 // PACKETSTORM: 114982

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897

AFFECTED PRODUCTS

vendor: siemens, model: simatic pcs7, scope: lte, version: 7.1

Trust: 1.0

vendor: siemens, model: simatic step 7, scope: lte, version: 5.5

Trust: 1.0

vendor: siemens, model: simatic pcs 7, scope: lte, version: 7.1 sp3

Trust: 0.8

vendor: siemens, model: simatic step 7, scope: lt, version: 5.5 sp1

Trust: 0.8

vendor: siemens, model: simatic pcs, scope: eq, version: 77.x

Trust: 0.6

vendor: siemens, model: simatic step, scope: eq, version: 75.x

Trust: 0.6

vendor: siemens, model: simatic pcs7, scope: eq, version: 7.1

Trust: 0.6

vendor: siemens, model: simatic step 7, scope: eq, version: 5.5

Trust: 0.6

vendor: simatic pcs7, model: -, scope: eq, version: *

Trust: 0.2

vendor: simatic step 7, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897 // JVNDB: JVNDB-2012-003410 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3015
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3015
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201207-433
value: MEDIUM

Trust: 0.6

IVD: 94166e2e-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-56296
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3015
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 94166e2e-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-56296
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56296 // JVNDB: JVNDB-2012-003410 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2012-003410 // NVD: CVE-2012-3015

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201207-433

TYPE

other

Trust: 0.8

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003410

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-56296

PATCH

title: SSA-110665: STEP7 Vulnerability in DLL Loading Mechanism, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Patch for Siemens SIMATIC product DLL loading arbitrary code execution vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/19195

Trust: 0.6

sources: CNVD: CNVD-2012-3897 // JVNDB: JVNDB-2012-003410

EXTERNAL IDS

db: NVD, id: CVE-2012-3015

Trust: 3.6

db: ICS CERT, id: ICSA-12-205-02

Trust: 2.5

db: SIEMENS, id: SSA-110665

Trust: 1.8

db: SECUNIA, id: 50039

Trust: 1.4

db: CNNVD, id: CNNVD-201207-433

Trust: 0.9

db: CNVD, id: CNVD-2012-3897

Trust: 0.8

db: JVNDB, id: JVNDB-2012-003410

Trust: 0.8

db: BID, id: 54651

Trust: 0.4

db: IVD, id: 94166E2E-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-56296

Trust: 0.1

db: PACKETSTORM, id: 114982

Trust: 0.1

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897 // VULHUB: VHN-56296 // BID: 54651 // JVNDB: JVNDB-2012-003410 // PACKETSTORM: 114982 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-205-02.pdf

Trust: 2.5

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3015

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3015

Trust: 0.8

url:http://secunia.com/advisories/50039/

Trust: 0.7

url:http://secunia.com/advisories/50039

Trust: 0.6

url:http://blog.rapid7.com/?p=5325

Trust: 0.3

url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

Trust: 0.3

url:http://www.microsoft.com

Trust: 0.3

url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx

Trust: 0.3

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50039

Trust: 0.1

url:http://secunia.com/advisories/50039/#comments

Trust: 0.1

url:http://secunia.com/psi

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-3897 // VULHUB: VHN-56296 // BID: 54651 // JVNDB: JVNDB-2012-003410 // PACKETSTORM: 114982 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 54651

SOURCES

db: IVD, id: 94166e2e-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-3897
db: VULHUB, id: VHN-56296
db: BID, id: 54651
db: JVNDB, id: JVNDB-2012-003410
db: PACKETSTORM, id: 114982
db: CNNVD, id: CNNVD-201207-433
db: NVD, id: CVE-2012-3015

LAST UPDATE DATE

2024-08-14T14:52:45.694000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-3897, date: 2012-07-26T00:00:00
db: VULHUB, id: VHN-56296, date: 2012-07-30T00:00:00
db: BID, id: 54651, date: 2012-07-24T00:00:00
db: JVNDB, id: JVNDB-2012-003410, date: 2012-07-30T00:00:00
db: CNNVD, id: CNNVD-201207-433, date: 2012-07-27T00:00:00
db: NVD, id: CVE-2012-3015, date: 2012-07-30T04:00:00

SOURCES RELEASE DATE

db: IVD, id: 94166e2e-2353-11e6-abef-000c29c66e3d, date: 2012-07-26T00:00:00
db: CNVD, id: CNVD-2012-3897, date: 2012-07-26T00:00:00
db: VULHUB, id: VHN-56296, date: 2012-07-26T00:00:00
db: BID, id: 54651, date: 2012-07-24T00:00:00
db: JVNDB, id: JVNDB-2012-003410, date: 2012-07-30T00:00:00
db: PACKETSTORM, id: 114982, date: 2012-07-25T04:54:50
db: CNNVD, id: CNNVD-201207-433, date: 2012-07-26T00:00:00
db: NVD, id: CVE-2012-3015, date: 2012-07-26T10:41:47.980