Details of VAR-201210-0182

ID

VAR-201210-0182

CVE

CVE-2012-3040

TITLE

Siemens SIMATIC Network Server Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2012-7944 // CNNVD: CNNVD-201210-173

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Siemens SIMATIC is an automation software in a single engineering environment. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC S7-1200 Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA50816 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50816/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50816 RELEASE DATE: 2012-10-09 DISCUSS ADVISORY: http://secunia.com/advisories/50816/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50816/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50816 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the web server component is not properly sanitised before being returned to the user. The vulnerability is reported in versions 2.x, 3.0.0, and 3.0.1. SOLUTION: Apply firmware update available via support. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dmitriy Serebryannikov, Artem Chaikin, Yury Goltsev, and Timur Yunusov, Positive Technologies. ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.69

sources: NVD: CVE-2012-3040 // JVNDB: JVNDB-2012-004922 // CNVD: CNVD-2012-7944 // CNVD: CNVD-2012-5661 // BID: 55841 // IVD: 7d745250-463f-11e9-bb92-000c29342cb1 // IVD: 4fe83c46-2353-11e6-abef-000c29c66e3d // IVD: 84f16660-1f52-11e6-abef-000c29c66e3d // VULHUB: VHN-56321 // PACKETSTORM: 117226

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.8

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.3	Trust: 1.1
vendor:	siemens	model:	simatic s7-1200 cpu 1214 fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215 fc	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212fc	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215 fc	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214 fc	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	lt	version:	3.0.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2	Trust: 0.9
vendor:	siemens	model:	simatic s7-1200 micro plc	scope:	eq	version:	2.x to 3.0.1	Trust: 0.8
vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.0	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.0	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.1	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.2	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	3.0.0	Trust: 0.4
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	3.0.1	Trust: 0.4
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2*	Trust: 0.2

sources: IVD: 7d745250-463f-11e9-bb92-000c29342cb1 // IVD: 4fe83c46-2353-11e6-abef-000c29c66e3d // IVD: 84f16660-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7944 // CNVD: CNVD-2012-5661 // BID: 55841 // JVNDB: JVNDB-2012-004922 // CNNVD: CNNVD-201210-173 // NVD: CVE-2012-3040

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3040
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3040
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2012-7944
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201210-173
value:	MEDIUM
Trust: 0.6
IVD:	7d745250-463f-11e9-bb92-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	4fe83c46-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	84f16660-1f52-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-56321
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3040
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2012-7944
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d745250-463f-11e9-bb92-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	4fe83c46-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	84f16660-1f52-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
VULHUB:	VHN-56321
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d745250-463f-11e9-bb92-000c29342cb1 // IVD: 4fe83c46-2353-11e6-abef-000c29c66e3d // IVD: 84f16660-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7944 // VULHUB: VHN-56321 // JVNDB: JVNDB-2012-004922 // CNNVD: CNNVD-201210-173 // NVD: CVE-2012-3040

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-56321 // JVNDB: JVNDB-2012-004922 // NVD: CVE-2012-3040

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201210-257 // CNNVD: CNNVD-201210-173

TYPE

xss

Trust: 1.3

sources: PACKETSTORM: 117226 // CNNVD: CNNVD-201210-257 // CNNVD: CNNVD-201210-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004922

PATCH

title:	SIMATIC S7-1200	url:	http://www.automation.siemens.com/automation/jp/ja/automation_systems/plc/simatic-s7-controller/simatic-controller/s7-1200/pages/default.aspx	Trust: 0.8
title:	Top Page	url:	http://www.siemens.com/entry/cc/en/	Trust: 0.8
title:	SSA-279823: Cross-Site Scripting vulnerability in the SIMATIC S7-1200 web application	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/answers/jp/ja/	Trust: 0.8
title:	Patch for the Siemens SIMATIC Network Server Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/36106	Trust: 0.6
title:	Siemens SIMATIC S7-1200 PLC 'web server' component cross-site scripting vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/23540	Trust: 0.6
title:	Siemens SIMATIC Repair measures for cross-site scripting vulnerabilities in web servers	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123574	Trust: 0.6

sources: CNVD: CNVD-2012-7944 // CNVD: CNVD-2012-5661 // JVNDB: JVNDB-2012-004922 // CNNVD: CNNVD-201210-173

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3040	Trust: 3.5
db:	ICS CERT	id:	ICSA-12-283-01	Trust: 3.1
db:	SECUNIA	id:	50816	Trust: 1.9
db:	SIEMENS	id:	SSA-279823	Trust: 1.8
db:	OSVDB	id:	86130	Trust: 1.7
db:	BID	id:	55841	Trust: 1.5
db:	CNNVD	id:	CNNVD-201210-173	Trust: 1.1
db:	CNVD	id:	CNVD-2012-7944	Trust: 1.0
db:	CNVD	id:	CNVD-2012-5661	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-004922	Trust: 0.8
db:	CNNVD	id:	CNNVD-201210-257	Trust: 0.6
db:	NSFOCUS	id:	47147	Trust: 0.6
db:	IVD	id:	7D745250-463F-11E9-BB92-000C29342CB1	Trust: 0.2
db:	IVD	id:	4FE83C46-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	84F16660-1F52-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-56321	Trust: 0.1
db:	PACKETSTORM	id:	117226	Trust: 0.1

sources: IVD: 7d745250-463f-11e9-bb92-000c29342cb1 // IVD: 4fe83c46-2353-11e6-abef-000c29c66e3d // IVD: 84f16660-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-7944 // CNVD: CNVD-2012-5661 // VULHUB: VHN-56321 // BID: 55841 // JVNDB: JVNDB-2012-004922 // PACKETSTORM: 117226 // CNNVD: CNNVD-201210-257 // CNNVD: CNNVD-201210-173 // NVD: CVE-2012-3040

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-283-01.pdf	Trust: 3.1
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf	Trust: 1.8
url:	http://en.securitylab.ru/lab/pt-2012-50	Trust: 1.7
url:	http://osvdb.org/86130	Trust: 1.7
url:	http://secunia.com/advisories/50816	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3040	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3040	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-3040&search_type=all&cves=on	Trust: 0.6
url:	http://www.securityfocus.com/bid/55841	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47147	Trust: 0.6
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=50816	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/50816/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/50816/	Trust: 0.1

sources: CNVD: CNVD-2012-7944 // CNVD: CNVD-2012-5661 // VULHUB: VHN-56321 // JVNDB: JVNDB-2012-004922 // PACKETSTORM: 117226 // CNNVD: CNNVD-201210-257 // CNNVD: CNNVD-201210-173 // NVD: CVE-2012-3040

CREDITS

Dmitriy Serebryannikov, Artem Chaikin, Yury Goltsev, and Timur Yunusov, Positive Technologies.

Trust: 0.9

sources: BID: 55841 // CNNVD: CNNVD-201210-257

SOURCES

db:	IVD	id:	7d745250-463f-11e9-bb92-000c29342cb1
db:	IVD	id:	4fe83c46-2353-11e6-abef-000c29c66e3d
db:	IVD	id:	84f16660-1f52-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-7944
db:	CNVD	id:	CNVD-2012-5661
db:	VULHUB	id:	VHN-56321
db:	BID	id:	55841
db:	JVNDB	id:	JVNDB-2012-004922
db:	PACKETSTORM	id:	117226
db:	CNNVD	id:	CNNVD-201210-257
db:	CNNVD	id:	CNNVD-201210-173
db:	NVD	id:	CVE-2012-3040

LAST UPDATE DATE

2024-11-23T22:35:26.401000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-7944	date:	2012-10-15T00:00:00
db:	CNVD	id:	CNVD-2012-5661	date:	2012-10-11T00:00:00
db:	VULHUB	id:	VHN-56321	date:	2013-06-21T00:00:00
db:	BID	id:	55841	date:	2012-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2012-004922	date:	2012-10-15T00:00:00
db:	CNNVD	id:	CNNVD-201210-257	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201210-173	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2012-3040	date:	2024-11-21T01:40:09.877

SOURCES RELEASE DATE

db:	IVD	id:	7d745250-463f-11e9-bb92-000c29342cb1	date:	2012-10-15T00:00:00
db:	IVD	id:	4fe83c46-2353-11e6-abef-000c29c66e3d	date:	2012-10-15T00:00:00
db:	IVD	id:	84f16660-1f52-11e6-abef-000c29c66e3d	date:	2012-10-11T00:00:00
db:	CNVD	id:	CNVD-2012-7944	date:	2012-10-15T00:00:00
db:	CNVD	id:	CNVD-2012-5661	date:	2012-10-11T00:00:00
db:	VULHUB	id:	VHN-56321	date:	2012-10-10T00:00:00
db:	BID	id:	55841	date:	2012-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2012-004922	date:	2012-10-15T00:00:00
db:	PACKETSTORM	id:	117226	date:	2012-10-09T05:27:12
db:	CNNVD	id:	CNNVD-201210-257	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201210-173	date:	2012-10-15T00:00:00
db:	NVD	id:	CVE-2012-3040	date:	2012-10-10T18:55:02.080