ID

VAR-201303-0007


CVE

CVE-2011-4515


TITLE

Siemens WinCC vulnerability that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-001963

DESCRIPTION

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.

The Siemens SIMATIC WinCC TIA Portal covers engineering tools for the entire HMI field, from compact series panels to SCADA systems. There are several vulnerabilities in the Siemens SIMATIC WinCC TIA Portal that can be exploited by malicious users to disclose sensitive information, bypass security restrictions, insert and execute scripts, cause denial of service, and so on.

1. An error in the processing of HTTP requests can be exploited to crash the HMI web server.
2. Some input to the HMI web application is not properly filtered and can be used to insert arbitrary HTML and script code, or to insert arbitrary HTTP headers.
3. Some URLs are not properly filtered before being used to access certain files, which can be exploited to leak the source code of the panel's server-side web application files.

Successful exploitation of these vulnerabilities requires the web server to be enabled.

Siemens SIMATIC WinCC TIA Portal is prone to multiple security vulnerabilities, including:

1. A security-bypass vulnerability
2. A denial-of-service vulnerability
3. An HTML-injection vulnerability
4. An information-disclosure vulnerability
5. An HTTP-header-injection vulnerability
6. An information-disclosure vulnerability
7. A cross-site scripting vulnerability

Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information and gain unauthorized access, allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, insert arbitrary headers into an HTTP response, or perform a denial-of-service attack. Other attacks may be possible.

Siemens SIMATIC WinCC is a SCADA (supervisory control and data acquisition) system from the German company Siemens. The system provides process monitoring, data acquisition and other functions.

Trust: 2.7

sources: NVD: CVE-2011-4515 // JVNDB: JVNDB-2013-001963 // CNVD: CNVD-2013-02166 // BID: 58567 // IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-52460

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166

AFFECTED PRODUCTS

vendor: siemens
model: wincc tia portal
scope: eq
version: 11.0

Trust: 1.6

vendor: siemens
model: simatic wincc
scope: eq
version: 11

Trust: 0.8

vendor: siemens
model: simatic wincc tia portal
scope: eq
version: 11.x

Trust: 0.6

vendor: wincc tia portal
model: -
scope: eq
version: 11.0

Trust: 0.2

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166 // JVNDB: JVNDB-2013-001963 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4515
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4515
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-02166
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201303-404
value: MEDIUM

Trust: 0.6

IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4515
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02166
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52460
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166 // VULHUB: VHN-52460 // JVNDB: JVNDB-2013-001963 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.1

problemtype:CWE-310

Trust: 0.8

sources: VULHUB: VHN-52460 // JVNDB: JVNDB-2013-001963 // NVD: CVE-2011-4515

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201303-404

TYPE

Trust management

Trust: 0.8

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-404

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001963

PATCH

title: Top Page
url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11
url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 0.8

title: Siemens Solution Partners
url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K.
url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

title: Siemens SIMATIC WinCC TIA Portal has patches for multiple vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/33006

Trust: 0.6

sources: CNVD: CNVD-2013-02166 // JVNDB: JVNDB-2013-001963

EXTERNAL IDS

db: NVD
id: CVE-2011-4515

Trust: 3.7

db: ICS CERT
id: ICSA-13-079-03

Trust: 3.1

db: SIEMENS
id: SSA-212483

Trust: 1.7

db: BID
id: 58567

Trust: 1.0

db: CNNVD
id: CNNVD-201303-404

Trust: 0.9

db: CNVD
id: CNVD-2013-02166

Trust: 0.8

db: JVNDB
id: JVNDB-2013-001963

Trust: 0.8

db: SECUNIA
id: 52646

Trust: 0.6

db: IVD
id: 0906F0C4-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM
id: 120897

Trust: 0.2

db: VULHUB
id: VHN-52460

Trust: 0.1

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166 // VULHUB: VHN-52460 // BID: 58567 // JVNDB: JVNDB-2013-001963 // PACKETSTORM: 120897 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

REFERENCES

url: http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf

Trust: 3.1

url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4515

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4515

Trust: 0.8

url: http://secunia.com/advisories/52646

Trust: 0.6

url: http://subscriber.communications.siemens.com/

Trust: 0.3

url: http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx

Trust: 0.3

url: https://nvd.nist.gov/vuln/detail/cve-2011-4515

Trust: 0.1

sources: CNVD: CNVD-2013-02166 // VULHUB: VHN-52460 // BID: 58567 // JVNDB: JVNDB-2013-001963 // PACKETSTORM: 120897 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

CREDITS

Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from Positive Technologies.

Trust: 0.9

sources: BID: 58567 // CNNVD: CNNVD-201303-404

SOURCES

db: IVD, id: 0906f0c4-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-02166
db: VULHUB, id: VHN-52460
db: BID, id: 58567
db: JVNDB, id: JVNDB-2013-001963
db: PACKETSTORM, id: 120897
db: CNNVD, id: CNNVD-201303-404
db: NVD, id: CVE-2011-4515

LAST UPDATE DATE

2024-08-14T13:48:32.401000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-02166, date: 2013-03-26T00:00:00
db: VULHUB, id: VHN-52460, date: 2013-05-31T00:00:00
db: BID, id: 58567, date: 2013-03-15T00:00:00
db: JVNDB, id: JVNDB-2013-001963, date: 2013-03-25T00:00:00
db: CNNVD, id: CNNVD-201303-404, date: 2013-03-22T00:00:00
db: NVD, id: CVE-2011-4515, date: 2013-05-31T04:00:00

SOURCES RELEASE DATE

db: IVD, id: 0906f0c4-2353-11e6-abef-000c29c66e3d, date: 2013-03-26T00:00:00
db: CNVD, id: CNVD-2013-02166, date: 2013-03-26T00:00:00
db: VULHUB, id: VHN-52460, date: 2013-03-21T00:00:00
db: BID, id: 58567, date: 2013-03-15T00:00:00
db: JVNDB, id: JVNDB-2013-001963, date: 2013-03-25T00:00:00
db: PACKETSTORM, id: 120897, date: 2013-03-21T15:00:32
db: CNNVD, id: CNNVD-201303-404, date: 2013-03-20T00:00:00
db: NVD, id: CVE-2011-4515, date: 2013-03-21T14:55:01.423