Details of VAR-201303-0253

ID

VAR-201303-0253

CVE

CVE-2013-0670

TITLE

Siemens WinCC of HMI Web In the application CRLF Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-001984

DESCRIPTION

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions

Trust: 1.89

sources: NVD: CVE-2013-0670 // JVNDB: JVNDB-2013-001984 // IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	siemens	model:	wincc tia portal	scope:	eq	version:	11.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	11	Trust: 0.8
vendor:	wincc tia portal	model:	-	scope:	eq	version:	11.0	Trust: 0.2

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0670
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0670
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201303-439
value:	MEDIUM
Trust: 0.6
IVD:	092844e0-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-60672
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-0670
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	092844e0-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-60672
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // NVD: CVE-2013-0670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-439

TYPE

Input validation

Trust: 0.8

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001984

PATCH

title:	Top Page	url:	http://www.siemens.com/entry/cc/en/	Trust: 0.8
title:	SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/answers/jp/ja/	Trust: 0.8

sources: JVNDB: JVNDB-2013-001984

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0670	Trust: 2.7
db:	ICS CERT	id:	ICSA-13-079-03	Trust: 2.5
db:	SIEMENS	id:	SSA-212483	Trust: 1.7
db:	CNNVD	id:	CNNVD-201303-439	Trust: 0.9
db:	JVNDB	id:	JVNDB-2013-001984	Trust: 0.8
db:	IVD	id:	092844E0-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-60672	Trust: 0.1

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

REFERENCES

url:	http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf	Trust: 2.5
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0670	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0670	Trust: 0.8

sources: VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

SOURCES

db:	IVD	id:	092844e0-2353-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-60672
db:	JVNDB	id:	JVNDB-2013-001984
db:	CNNVD	id:	CNNVD-201303-439
db:	NVD	id:	CVE-2013-0670

LAST UPDATE DATE

2024-08-14T13:48:32.567000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-60672	date:	2013-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001984	date:	2013-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201303-439	date:	2013-03-25T00:00:00
db:	NVD	id:	CVE-2013-0670	date:	2013-03-22T04:00:00

SOURCES RELEASE DATE

db:	IVD	id:	092844e0-2353-11e6-abef-000c29c66e3d	date:	2013-03-22T00:00:00
db:	VULHUB	id:	VHN-60672	date:	2013-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-001984	date:	2013-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201303-439	date:	2013-03-22T00:00:00
db:	NVD	id:	CVE-2013-0670	date:	2013-03-21T14:55:01.517