Sign-up

ID

VAR-201303-0007


CVE

CVE-2011-4515


TITLE

Siemens WinCC Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-001963

DESCRIPTION

Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access. The Siemens SIMATIC WinCC TIA Portal covers engineering tools for the entire HMI field, from compact series panels to SCADA systems. There are several vulnerabilities in the Siemens SIMATIC WinCC TIA Portal that can be exploited by malicious users to disclose sensitive information, bypass security restrictions, insert and execute scripts, cause denial of service, and so on. 1. There is an error in processing the HTTP request, which can be exploited to cause the HMI web server to crash. 2. Some of the input in the HMI web application is not properly filtered and can be used to insert arbitrary HTML and script code, or to insert any HTTP header. 3, some URLs are not properly filtered to access certain files, can be used to leak the source code of the panel server-side web application files. To successfully exploit these vulnerabilities, you need to open the web server. Siemens SIMATIC WinCC TIA Portal is prone to multiple security vulnerabilities, including: 1. A security-bypass vulnerability 2. A denial-of-service vulnerability 3. An HTML-injection vulnerability 4. An information-disclosure vulnerability 5. An HTTP-header-injection vulnerability 6. An information-disclosure vulnerability 7. A cross-site scripting vulnerability Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information and gain unauthorized access, allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, insert arbitrary headers into an HTTP response, or perform a denial-of-service attack. Other attacks may be possible. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions

Trust: 2.7

sources: NVD: CVE-2011-4515 // JVNDB: JVNDB-2013-001963 // CNVD: CNVD-2013-02166 // BID: 58567 // IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-52460

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166

AFFECTED PRODUCTS

vendor:siemensmodel:wincc tia portalscope:eqversion:11.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:eqversion:11

Trust: 0.8

vendor:siemensmodel:simatic wincc tia portalscope:eqversion:11.x

Trust: 0.6

vendor:wincc tia portalmodel: - scope:eqversion:11.0

Trust: 0.2

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166 // JVNDB: JVNDB-2013-001963 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4515
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4515
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-02166
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201303-404
value: MEDIUM

Trust: 0.6

IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52460
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4515
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02166
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52460
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02166 // VULHUB: VHN-52460 // JVNDB: JVNDB-2013-001963 // CNNVD: CNNVD-201303-404 // NVD: CVE-2011-4515

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.1

problemtype:CWE-310

Trust: 0.8

sources: VULHUB: VHN-52460 // JVNDB: JVNDB-2013-001963 // NVD: CVE-2011-4515

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201303-404

TYPE

Trust management

Trust: 0.8

sources: IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-404

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001963

PATCH
title:Top Pageurl:http://www.siemens.com/entry/cc/en/
Trust: 0.8
title:SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
Trust: 0.8
title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx
Trust: 0.8
title:シーメンス・ジャパン株式会社url:http://www.siemens.com/answers/jp/ja/
Trust: 0.8
title:Siemens SIMATIC WinCC TIA Portal has patches for multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/33006
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-02166 // 
            
            
            
            JVNDB: JVNDB-2013-001963

EXTERNAL IDS
db:NVDid:CVE-2011-4515
Trust: 3.7
db:ICS CERTid:ICSA-13-079-03
Trust: 3.1
db:SIEMENSid:SSA-212483
Trust: 1.7
db:BIDid:58567
Trust: 1.0
db:CNNVDid:CNNVD-201303-404
Trust: 0.9
db:CNVDid:CNVD-2013-02166
Trust: 0.8
db:JVNDBid:JVNDB-2013-001963
Trust: 0.8
db:SECUNIAid:52646
Trust: 0.6
db:IVDid:0906F0C4-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:120897
Trust: 0.2
db:VULHUBid:VHN-52460
Trust: 0.1
sources:
            
            
            IVD: 0906f0c4-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-02166 // 
            
            
            
            VULHUB: VHN-52460 // 
            
            
            
            BID: 58567 // 
            
            
            
            JVNDB: JVNDB-2013-001963 // 
            
            
            
            PACKETSTORM: 120897 // 
            
            
            
            CNNVD: CNNVD-201303-404 // 
            
            
            
            NVD: CVE-2011-4515

REFERENCES
url:http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf
Trust: 3.1
url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4515
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4515
Trust: 0.8
url:http://secunia.com/advisories/52646
Trust: 0.6
url:http://subscriber.communications.siemens.com/
Trust: 0.3
url:http://aunz.siemens.com/newscentre/productreleases/pages/iac_pr_simaticwinccv62.aspx
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2011-4515
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-02166 // 
            
            
            
            VULHUB: VHN-52460 // 
            
            
            
            BID: 58567 // 
            
            
            
            JVNDB: JVNDB-2013-001963 // 
            
            
            
            PACKETSTORM: 120897 // 
            
            
            
            CNNVD: CNNVD-201303-404 // 
            
            
            
            NVD: CVE-2011-4515

CREDITS
Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from Positive Technologies.
Trust: 0.9
sources:
            
            
            BID: 58567 // 
            
            
            
            CNNVD: CNNVD-201303-404

SOURCES
db:IVDid:0906f0c4-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02166
db:VULHUBid:VHN-52460
db:BIDid:58567
db:JVNDBid:JVNDB-2013-001963
db:PACKETSTORMid:120897
db:CNNVDid:CNNVD-201303-404
db:NVDid:CVE-2011-4515

LAST UPDATE DATE
2024-08-14T13:48:32.401000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-02166date:2013-03-26T00:00:00
db:VULHUBid:VHN-52460date:2013-05-31T00:00:00
db:BIDid:58567date:2013-03-15T00:00:00
db:JVNDBid:JVNDB-2013-001963date:2013-03-25T00:00:00
db:CNNVDid:CNNVD-201303-404date:2013-03-22T00:00:00
db:NVDid:CVE-2011-4515date:2013-05-31T04:00:00

SOURCES RELEASE DATE
db:IVDid:0906f0c4-2353-11e6-abef-000c29c66e3ddate:2013-03-26T00:00:00
db:CNVDid:CNVD-2013-02166date:2013-03-26T00:00:00
db:VULHUBid:VHN-52460date:2013-03-21T00:00:00
db:BIDid:58567date:2013-03-15T00:00:00
db:JVNDBid:JVNDB-2013-001963date:2013-03-25T00:00:00
db:PACKETSTORMid:120897date:2013-03-21T15:00:32
db:CNNVDid:CNNVD-201303-404date:2013-03-20T00:00:00
db:NVDid:CVE-2011-4515date:2013-03-21T14:55:01.423