Details of VAR-201207-0136

ID

VAR-201207-0136

CVE

CVE-2012-3015

TITLE

Siemens SIMATIC PCS7 Used in SIMATIC STEP7 Vulnerable to gaining privileges

Trust: 0.8

sources: JVNDB: JVNDB-2012-003410

DESCRIPTION

Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC STEP 7 and PCS 7 are not secure to load library files. Attackers can build specially crafted project files, place them in remote WebDAV or SMB shares, entice users to parse, and execute arbitrary code in the application context. Multiple Siemens SIMATIC Products are prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link Library (DLL) file. Successful exploits will compromise the application in the context of the currently logged-in user. The following Siemens SIMATIC Products are vulnerable: Siemens SIMATIC PCS 7 versions 7.1 SP3 and prior Siemens SIMATIC STEP 7 versions prior to 5.5 SP1. There are vulnerabilities in Siemens SIMATIC STEP 7 and PCS 7 that can be exploited by malicious attackers to manipulate users' systems. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Siemens SIMATIC STEP 7 / PCS 7 Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA50039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50039 RELEASE DATE: 2012-07-24 DISCUSS ADVISORY: http://secunia.com/advisories/50039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC STEP 7 and PCS 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. SOLUTION: Update to version 5.5 SP1 or apply Service Pack. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2012-3015 // JVNDB: JVNDB-2012-003410 // CNVD: CNVD-2012-3897 // BID: 54651 // IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56296 // PACKETSTORM: 114982

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic pcs7	scope:	lte	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	lte	version:	5.5	Trust: 1.0
vendor:	siemens	model:	simatic pcs 7	scope:	lte	version:	7.1 sp3	Trust: 0.8
vendor:	siemens	model:	simatic step 7	scope:	lt	version:	5.5 sp1	Trust: 0.8
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	77.x	Trust: 0.6
vendor:	siemens	model:	simatic step	scope:	eq	version:	75.x	Trust: 0.6
vendor:	siemens	model:	simatic pcs7	scope:	eq	version:	7.1	Trust: 0.6
vendor:	siemens	model:	simatic step 7	scope:	eq	version:	5.5	Trust: 0.6
vendor:	simatic pcs7	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic step 7	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897 // JVNDB: JVNDB-2012-003410 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3015
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3015
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201207-433
value:	MEDIUM
Trust: 0.6
IVD:	94166e2e-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-56296
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3015
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	94166e2e-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-56296
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-56296 // JVNDB: JVNDB-2012-003410 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2012-003410 // NVD: CVE-2012-3015

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201207-433

TYPE

other

Trust: 0.8

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201207-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003410

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-56296

PATCH

title:	SSA-110665: STEP7 Vulnerability in DLL Loading Mechanism	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/entry/jp/ja/	Trust: 0.8
title:	Siemens SIMATIC product DLL loads patches for arbitrary code execution vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/19195	Trust: 0.6

sources: CNVD: CNVD-2012-3897 // JVNDB: JVNDB-2012-003410

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3015	Trust: 3.6
db:	ICS CERT	id:	ICSA-12-205-02	Trust: 2.5
db:	SIEMENS	id:	SSA-110665	Trust: 1.8
db:	SECUNIA	id:	50039	Trust: 1.4
db:	CNNVD	id:	CNNVD-201207-433	Trust: 0.9
db:	CNVD	id:	CNVD-2012-3897	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003410	Trust: 0.8
db:	BID	id:	54651	Trust: 0.4
db:	IVD	id:	94166E2E-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-56296	Trust: 0.1
db:	PACKETSTORM	id:	114982	Trust: 0.1

sources: IVD: 94166e2e-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3897 // VULHUB: VHN-56296 // BID: 54651 // JVNDB: JVNDB-2012-003410 // PACKETSTORM: 114982 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-205-02.pdf	Trust: 2.5
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3015	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3015	Trust: 0.8
url:	http://secunia.com/advisories/50039/	Trust: 0.7
url:	http://secunia.com/advisories/50039	Trust: 0.6
url:	http://blog.rapid7.com/?p=5325	Trust: 0.3
url:	http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html	Trust: 0.3
url:	http://www.microsoft.com	Trust: 0.3
url:	http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx	Trust: 0.3
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50039	Trust: 0.1
url:	http://secunia.com/advisories/50039/#comments	Trust: 0.1
url:	http://secunia.com/psi	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-3897 // VULHUB: VHN-56296 // BID: 54651 // JVNDB: JVNDB-2012-003410 // PACKETSTORM: 114982 // CNNVD: CNNVD-201207-433 // NVD: CVE-2012-3015

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 54651

SOURCES

db:	IVD	id:	94166e2e-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-3897
db:	VULHUB	id:	VHN-56296
db:	BID	id:	54651
db:	JVNDB	id:	JVNDB-2012-003410
db:	PACKETSTORM	id:	114982
db:	CNNVD	id:	CNNVD-201207-433
db:	NVD	id:	CVE-2012-3015

LAST UPDATE DATE

2024-08-14T14:52:45.694000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-3897	date:	2012-07-26T00:00:00
db:	VULHUB	id:	VHN-56296	date:	2012-07-30T00:00:00
db:	BID	id:	54651	date:	2012-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2012-003410	date:	2012-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201207-433	date:	2012-07-27T00:00:00
db:	NVD	id:	CVE-2012-3015	date:	2012-07-30T04:00:00

SOURCES RELEASE DATE

db:	IVD	id:	94166e2e-2353-11e6-abef-000c29c66e3d	date:	2012-07-26T00:00:00
db:	CNVD	id:	CNVD-2012-3897	date:	2012-07-26T00:00:00
db:	VULHUB	id:	VHN-56296	date:	2012-07-26T00:00:00
db:	BID	id:	54651	date:	2012-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2012-003410	date:	2012-07-30T00:00:00
db:	PACKETSTORM	id:	114982	date:	2012-07-25T04:54:50
db:	CNNVD	id:	CNNVD-201207-433	date:	2012-07-26T00:00:00
db:	NVD	id:	CVE-2012-3015	date:	2012-07-26T10:41:47.980