ID

VAR-201211-0361


CVE

CVE-2012-5409


TITLE

Siemens SiPass Integrated 'SiPass server' Component Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5662 // BID: 55835

DESCRIPTION

AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages received over an Ethernet network, which allows remote attackers to write data to any memory location and consequently execute arbitrary code via crafted messages, as demonstrated by an arbitrary pointer dereference attack or a buffer overflow attack. The SiPass server is the component of the SiPass centralized access control system that accepts client connections. A buffer overflow vulnerability exists in the way the SiPass server processes messages. Failed exploit attempts will result in a denial-of-service condition. Siemens SiPass integrated MP2.6 and earlier are affected. Arbitrary pointer dereference attacks and buffer overflow attacks are currently known.

Secunia advisory SA50900 (http://secunia.com/advisories/50900/), "Siemens SiPass Integrated Message Processing Buffer Overflow Vulnerability", release date 2012-10-09: A vulnerability has been reported in Siemens SiPass Integrated, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions MP2.6 and prior. Solution: Apply hotfix available via support. Provided and/or discovered by: The vendor credits Lucas Apa, IOActive. Original advisory: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

Trust: 2.97

sources: NVD: CVE-2012-5409 // JVNDB: JVNDB-2012-005192 // CNVD: CNVD-2012-5662 // BID: 55835 // IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d // IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // VULHUB: VHN-58690 // PACKETSTORM: 117249

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 1.0

sources: IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d // IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5662

AFFECTED PRODUCTS

vendor: siemens
model: sipass integrated
scope: lte
version: mp2.6

Trust: 1.8

vendor: siemens
model: sipass integrated mp
scope: lte
version: <=2.6

Trust: 0.6

vendor: siemens
model: sipass integrated
scope: eq
version: mp2.6

Trust: 0.6

vendor: sipass integrated
model: -
scope: eq
version: *

Trust: 0.4

sources: IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d // IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5662 // JVNDB: JVNDB-2012-005192 // CNNVD: CNNVD-201210-251 // NVD: CVE-2012-5409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5409
value: HIGH

Trust: 1.0

NVD: CVE-2012-5409
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201210-251
value: CRITICAL

Trust: 0.6

IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-58690
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-5409
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-58690
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d // IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // VULHUB: VHN-58690 // JVNDB: JVNDB-2012-005192 // CNNVD: CNNVD-201210-251 // NVD: CVE-2012-5409

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-58690 // JVNDB: JVNDB-2012-005192 // NVD: CVE-2012-5409

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201210-251

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201210-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005192

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58690

PATCH

title: Siemens SiPass integrated
url: http://www.sipass-access-control.com/ssp-sipass/

Trust: 0.8

title: Top Page
url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-938777: Possible Remote Code Execution in SiPass Server
url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

Trust: 0.8

title: Siemens Solution Partner
url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K.
url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

title: Siemens SiPass Integrated 'SiPass server' component buffer overflow vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/23541

Trust: 0.6

title: Siemens SiPass Integrated Buffer error vulnerability fix
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123575

Trust: 0.6

sources: CNVD: CNVD-2012-5662 // JVNDB: JVNDB-2012-005192 // CNNVD: CNNVD-201210-251

EXTERNAL IDS

db: NVD, id: CVE-2012-5409

Trust: 3.2

db: ICS CERT, id: ICSA-12-305-01

Trust: 1.9

db: SIEMENS, id: SSA-938777

Trust: 1.8

db: SECUNIA, id: 50900

Trust: 1.3

db: CNNVD, id: CNNVD-201210-251

Trust: 1.1

db: OSVDB, id: 86129

Trust: 1.1

db: BID, id: 55835

Trust: 1.0

db: CNVD, id: CNVD-2012-5662

Trust: 0.8

db: JVNDB, id: JVNDB-2012-005192

Trust: 0.8

db: NSFOCUS, id: 47137

Trust: 0.6

db: IVD, id: 471BC9C0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 834F0BD2-1F52-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: SEEBUG, id: SSVID-76202

Trust: 0.1

db: EXPLOIT-DB, id: 22397

Trust: 0.1

db: VULHUB, id: VHN-58690

Trust: 0.1

db: PACKETSTORM, id: 117249

Trust: 0.1

sources: IVD: 471bc9c0-2353-11e6-abef-000c29c66e3d // IVD: 834f0bd2-1f52-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-5662 // VULHUB: VHN-58690 // BID: 55835 // JVNDB: JVNDB-2012-005192 // PACKETSTORM: 117249 // CNNVD: CNNVD-201210-251 // NVD: CVE-2012-5409

REFERENCES

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

Trust: 1.8

url:http://ics-cert.us-cert.gov/advisories/icsa-12-305-01

Trust: 1.1

url:http://ioactive.com/pdfs/siemens_sipass_integrated_ethernet_bus_arbitrary_pointer_dereference_v4.pdf

Trust: 1.1

url:http://www.osvdb.org/86129

Trust: 1.1

url:http://secunia.com/advisories/50900

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5409

Trust: 0.8

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-305-01.pdf

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5409

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47137

Trust: 0.6

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50900

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/50900/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/50900/

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-5662 // VULHUB: VHN-58690 // JVNDB: JVNDB-2012-005192 // PACKETSTORM: 117249 // CNNVD: CNNVD-201210-251 // NVD: CVE-2012-5409

CREDITS

Lucas Apa of IOActive

Trust: 0.9

sources: BID: 55835 // CNNVD: CNNVD-201210-251

SOURCES

db: IVD, id: 471bc9c0-2353-11e6-abef-000c29c66e3d
db: IVD, id: 834f0bd2-1f52-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-5662
db: VULHUB, id: VHN-58690
db: BID, id: 55835
db: JVNDB, id: JVNDB-2012-005192
db: PACKETSTORM, id: 117249
db: CNNVD, id: CNNVD-201210-251
db: NVD, id: CVE-2012-5409

LAST UPDATE DATE

2024-11-23T23:10:00.904000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-5662, date: 2012-10-11T00:00:00
db: VULHUB, id: VHN-58690, date: 2013-05-21T00:00:00
db: BID, id: 55835, date: 2012-10-31T21:11:00
db: JVNDB, id: JVNDB-2012-005192, date: 2012-11-02T00:00:00
db: CNNVD, id: CNNVD-201210-251, date: 2020-07-14T00:00:00
db: NVD, id: CVE-2012-5409, date: 2024-11-21T01:44:40.070

SOURCES RELEASE DATE

db: IVD, id: 471bc9c0-2353-11e6-abef-000c29c66e3d, date: 2012-10-16T00:00:00
db: IVD, id: 834f0bd2-1f52-11e6-abef-000c29c66e3d, date: 2012-10-11T00:00:00
db: CNVD, id: CNVD-2012-5662, date: 2012-10-11T00:00:00
db: VULHUB, id: VHN-58690, date: 2012-11-01T00:00:00
db: BID, id: 55835, date: 2012-10-09T00:00:00
db: JVNDB, id: JVNDB-2012-005192, date: 2012-11-02T00:00:00
db: PACKETSTORM, id: 117249, date: 2012-10-09T06:25:18
db: CNNVD, id: CNNVD-201210-251, date: 2012-10-16T00:00:00
db: NVD, id: CVE-2012-5409, date: 2012-11-01T10:44:47.717