Details of VAR-201209-0227

ID

VAR-201209-0227

CVE

CVE-2012-3037

TITLE

Siemens SIMATIC Information Disclosure Vulnerability

Trust: 1.6

sources: IVD: 593911a8-2353-11e6-abef-000c29c66e3d // IVD: 7d7a6cd2-463f-11e9-b37e-000c29342cb1 // CNVD: CNVD-2012-7998 // CNNVD: CNNVD-201209-536

DESCRIPTION

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-1200 has a security vulnerability. Because of the use of an SSL private key in multiple devices, an attacker can exploit the vulnerability to create his own integers, intercepting and decrypting communications by forging other SIMATIC S7-1200 devices and man-in-the-middle attacks. Siemens SIMATIC S7-1200 is prone to a security vulnerability that may allow attackers to spoof SSL certificates. Attackers can exploit this issue to display incorrect SSL certificates. Successful exploits will cause victims to accept the certificates assuming they are from a legitimate site. Siemens SIMATIC S7-1200 versions 2.x are vulnerable; other versions may also be affected. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC S7-1200 SSL Private Key Reuse Security Issue SECUNIA ADVISORY ID: SA50630 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50630/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50630 RELEASE DATE: 2012-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/50630/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50630/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50630 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct spoofing attacks. SOLUTION: Upgrade to version 3.x. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dmitry Sklyarov, Positive Technologies. ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.69

sources: NVD: CVE-2012-3037 // JVNDB: JVNDB-2012-004573 // CNVD: CNVD-2012-7998 // CNVD: CNVD-2012-5214 // BID: 55559 // IVD: 593911a8-2353-11e6-abef-000c29c66e3d // IVD: 7d7a6cd2-463f-11e9-b37e-000c29342cb1 // IVD: b227220c-1f55-11e6-abef-000c29c66e3d // VULHUB: VHN-56318 // PACKETSTORM: 116562

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.8

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.3	Trust: 1.1
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212fc	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214 fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214 fc	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215 fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215 fc	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	lt	version:	3.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2	Trust: 0.9
vendor:	siemens	model:	simatic s7-1200 micro plc	scope:	eq	version:	2.x	Trust: 0.8
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.0	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.2	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.0	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.1	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.2	Trust: 0.4
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2*	Trust: 0.2

sources: IVD: 593911a8-2353-11e6-abef-000c29c66e3d // IVD: 7d7a6cd2-463f-11e9-b37e-000c29342cb1 // IVD: b227220c-1f55-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7998 // CNVD: CNVD-2012-5214 // BID: 55559 // JVNDB: JVNDB-2012-004573 // CNNVD: CNNVD-201209-536 // NVD: CVE-2012-3037

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3037
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3037
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2012-7998
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201209-536
value:	MEDIUM
Trust: 0.6
IVD:	593911a8-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d7a6cd2-463f-11e9-b37e-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	b227220c-1f55-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-56318
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3037
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2012-3037
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2012-7998
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	593911a8-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d7a6cd2-463f-11e9-b37e-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	b227220c-1f55-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
VULHUB:	VHN-56318
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 593911a8-2353-11e6-abef-000c29c66e3d // IVD: 7d7a6cd2-463f-11e9-b37e-000c29342cb1 // IVD: b227220c-1f55-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7998 // VULHUB: VHN-56318 // JVNDB: JVNDB-2012-004573 // CNNVD: CNNVD-201209-536 // NVD: CVE-2012-3037

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	CWE-200	Trust: 0.9
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-56318 // JVNDB: JVNDB-2012-004573 // NVD: CVE-2012-3037

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201209-625 // CNNVD: CNNVD-201209-536

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201209-536

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004573

PATCH

title:	SIMATIC S7-1200	url:	http://www.automation.siemens.com/automation/jp/ja/automation_systems/plc/simatic-s7-controller/simatic-controller/s7-1200/pages/default.aspx	Trust: 0.8
title:	Top Page	url:	http://www.siemens.com/	Trust: 0.8
title:	SSA-240718: Insecure storage of HTTPS CA certificate in S7-1200 V2.x	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/entry/jp/ja/	Trust: 0.8
title:	Patch for Siemens SIMATIC Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/36130	Trust: 0.6
title:	Siemens SIMATIC S7-1200 SSL Private Key Reuse Forged Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/22464	Trust: 0.6
title:	Siemens SIMATIC Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123571	Trust: 0.6

sources: CNVD: CNVD-2012-7998 // CNVD: CNVD-2012-5214 // JVNDB: JVNDB-2012-004573 // CNNVD: CNNVD-201209-536

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3037	Trust: 3.5
db:	ICS CERT	id:	ICSA-12-263-01	Trust: 2.5
db:	SIEMENS	id:	SSA-240718	Trust: 2.4
db:	BID	id:	55559	Trust: 1.5
db:	CNNVD	id:	CNNVD-201209-536	Trust: 1.1
db:	CNVD	id:	CNVD-2012-7998	Trust: 1.0
db:	CNVD	id:	CNVD-2012-5214	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-004573	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-625	Trust: 0.6
db:	NSFOCUS	id:	47146	Trust: 0.6
db:	IVD	id:	593911A8-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D7A6CD2-463F-11E9-B37E-000C29342CB1	Trust: 0.2
db:	IVD	id:	B227220C-1F55-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SECUNIA	id:	50630	Trust: 0.2
db:	VULHUB	id:	VHN-56318	Trust: 0.1
db:	PACKETSTORM	id:	116562	Trust: 0.1

sources: IVD: 593911a8-2353-11e6-abef-000c29c66e3d // IVD: 7d7a6cd2-463f-11e9-b37e-000c29342cb1 // IVD: b227220c-1f55-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7998 // CNVD: CNVD-2012-5214 // VULHUB: VHN-56318 // BID: 55559 // JVNDB: JVNDB-2012-004573 // PACKETSTORM: 116562 // CNNVD: CNNVD-201209-625 // CNNVD: CNNVD-201209-536 // NVD: CVE-2012-3037

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-263-01.pdf	Trust: 2.5
url:	http://en.securitylab.ru/lab/pt-2012-48	Trust: 2.3
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3037	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3037	Trust: 0.8
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdfhttp	Trust: 0.6
url:	http://www.securityfocus.com/bid/55559	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47146	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50630	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/50630/	Trust: 0.1
url:	http://secunia.com/advisories/50630/#comments	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-7998 // CNVD: CNVD-2012-5214 // VULHUB: VHN-56318 // BID: 55559 // JVNDB: JVNDB-2012-004573 // PACKETSTORM: 116562 // CNNVD: CNNVD-201209-625 // CNNVD: CNNVD-201209-536 // NVD: CVE-2012-3037

CREDITS

Dmitry Sklyarov from Positive Technologies

Trust: 0.9

sources: BID: 55559 // CNNVD: CNNVD-201209-625

SOURCES

db:	IVD	id:	593911a8-2353-11e6-abef-000c29c66e3d
db:	IVD	id:	7d7a6cd2-463f-11e9-b37e-000c29342cb1
db:	IVD	id:	b227220c-1f55-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-7998
db:	CNVD	id:	CNVD-2012-5214
db:	VULHUB	id:	VHN-56318
db:	BID	id:	55559
db:	JVNDB	id:	JVNDB-2012-004573
db:	PACKETSTORM	id:	116562
db:	CNNVD	id:	CNNVD-201209-625
db:	CNNVD	id:	CNNVD-201209-536
db:	NVD	id:	CVE-2012-3037

LAST UPDATE DATE

2024-11-23T22:42:42.508000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-7998	date:	2012-09-26T00:00:00
db:	CNVD	id:	CNVD-2012-5214	date:	2012-09-18T00:00:00
db:	VULHUB	id:	VHN-56318	date:	2012-09-25T00:00:00
db:	BID	id:	55559	date:	2012-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2012-004573	date:	2012-09-26T00:00:00
db:	CNNVD	id:	CNNVD-201209-625	date:	2012-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201209-536	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2012-3037	date:	2024-11-21T01:40:09.607

SOURCES RELEASE DATE

db:	IVD	id:	593911a8-2353-11e6-abef-000c29c66e3d	date:	2012-09-26T00:00:00
db:	IVD	id:	7d7a6cd2-463f-11e9-b37e-000c29342cb1	date:	2012-09-26T00:00:00
db:	IVD	id:	b227220c-1f55-11e6-abef-000c29c66e3d	date:	2012-09-18T00:00:00
db:	CNVD	id:	CNVD-2012-7998	date:	2012-09-26T00:00:00
db:	CNVD	id:	CNVD-2012-5214	date:	2012-09-18T00:00:00
db:	VULHUB	id:	VHN-56318	date:	2012-09-25T00:00:00
db:	BID	id:	55559	date:	2012-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2012-004573	date:	2012-09-26T00:00:00
db:	PACKETSTORM	id:	116562	date:	2012-09-14T04:14:34
db:	CNNVD	id:	CNNVD-201209-625	date:	2012-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201209-536	date:	2012-09-26T00:00:00
db:	NVD	id:	CVE-2012-3037	date:	2012-09-25T11:07:46.470