ID

VAR-201303-0253


CVE

CVE-2013-0670


TITLE

CRLF injection vulnerability in the HMI web application of Siemens WinCC

Trust: 0.8

sources: JVNDB: JVNDB-2013-001984

DESCRIPTION

CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system from the German company Siemens. The system provides process monitoring, data acquisition and other functions.

Trust: 1.89

sources: NVD: CVE-2013-0670 // JVNDB: JVNDB-2013-001984 // IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: siemens, model: wincc tia portal, scope: eq, version: 11.0

Trust: 1.6

vendor: siemens, model: simatic wincc, scope: eq, version: 11

Trust: 0.8

vendor: wincc tia portal, model: -, scope: eq, version: 11.0

Trust: 0.2

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0670
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0670
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201303-439
value: MEDIUM

Trust: 0.6

IVD: 092844e0-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-60672
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0670
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 092844e0-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60672
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // NVD: CVE-2013-0670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-439

TYPE

Input validation

Trust: 0.8

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-439

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001984

PATCH

title: Top Page, url: http://www.siemens.com/entry/cc/en/

Trust: 0.8

title: SSA-212483: Vulnerabilities in WinCC (TIA Portal) V11, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 0.8

title: Siemens Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Siemens Japan K.K., url: http://www.siemens.com/answers/jp/ja/

Trust: 0.8

sources: JVNDB: JVNDB-2013-001984

EXTERNAL IDS

db: NVD, id: CVE-2013-0670

Trust: 2.7

db: ICS CERT, id: ICSA-13-079-03

Trust: 2.5

db: SIEMENS, id: SSA-212483

Trust: 1.7

db: CNNVD, id: CNNVD-201303-439

Trust: 0.9

db: JVNDB, id: JVNDB-2013-001984

Trust: 0.8

db: IVD, id: 092844E0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-60672

Trust: 0.1

sources: IVD: 092844e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

REFERENCES

url:http://ics-cert.us-cert.gov/pdf/icsa-13-079-03.pdf

Trust: 2.5

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0670

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0670

Trust: 0.8

sources: VULHUB: VHN-60672 // JVNDB: JVNDB-2013-001984 // CNNVD: CNNVD-201303-439 // NVD: CVE-2013-0670

SOURCES

db: IVD, id: 092844e0-2353-11e6-abef-000c29c66e3d
db: VULHUB, id: VHN-60672
db: JVNDB, id: JVNDB-2013-001984
db: CNNVD, id: CNNVD-201303-439
db: NVD, id: CVE-2013-0670

LAST UPDATE DATE

2024-08-14T13:48:32.567000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-60672, date: 2013-03-22T00:00:00
db: JVNDB, id: JVNDB-2013-001984, date: 2013-03-25T00:00:00
db: CNNVD, id: CNNVD-201303-439, date: 2013-03-25T00:00:00
db: NVD, id: CVE-2013-0670, date: 2013-03-22T04:00:00

SOURCES RELEASE DATE

db: IVD, id: 092844e0-2353-11e6-abef-000c29c66e3d, date: 2013-03-22T00:00:00
db: VULHUB, id: VHN-60672, date: 2013-03-21T00:00:00
db: JVNDB, id: JVNDB-2013-001984, date: 2013-03-25T00:00:00
db: CNNVD, id: CNNVD-201303-439, date: 2013-03-22T00:00:00
db: NVD, id: CVE-2013-0670, date: 2013-03-21T14:55:01.517