ID

VAR-201303-0256


CVE

CVE-2013-0674


TITLE

Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNNVD: CNNVD-201303-442

DESCRIPTION

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions

Trust: 3.42

sources: NVD: CVE-2013-0674 // JVNDB: JVNDB-2013-001987 // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // BID: 58545 // IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60676

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.6

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:eqversion:6.0

Trust: 1.6

vendor:siemensmodel:simatic pcs7scope:eqversion:7.1

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:7.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:5.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:ltversion:7.2

Trust: 1.4

vendor:siemensmodel:simatic pcs7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:winccscope:lteversion:7.1

Trust: 1.0

vendor:winccmodel: - scope:eqversion:6.0

Trust: 0.8

vendor:winccmodel: - scope:eqversion:7.0

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope:ltversion:8.0 sp1

Trust: 0.8

vendor:siemensmodel:winccscope:ltversion:7.2

Trust: 0.6

vendor:siemensmodel:simatic pcs sp1scope:eqversion:7<8.0

Trust: 0.6

vendor:siemensmodel:simatic pcs7scope:eqversion:8.0

Trust: 0.6

vendor:winccmodel: - scope:eqversion:5.0

Trust: 0.4

vendor:siemensmodel:simatic wincc siemens simatic pcs sp1scope:ltversion:7.27<8.0

Trust: 0.2

vendor:simatic pcs7model: - scope:eqversion:7.1

Trust: 0.2

vendor:simatic pcs7model: - scope:eqversion:*

Trust: 0.2

vendor:winccmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // JVNDB: JVNDB-2013-001987 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0674
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-0674
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-02143
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-02175
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201303-442
value: MEDIUM

Trust: 0.6

IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-60676
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-0674
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-02143
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2013-02175
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-60676
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // JVNDB: JVNDB-2013-001987 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-60676 // JVNDB: JVNDB-2013-001987 // NVD: CVE-2013-0674

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001987

PATCH

title:Top Pageurl:http://www.siemens.com/entry/cc/en/

Trust: 0.8

title:SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Trust: 0.8

title:シーメンスソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:シーメンス・ジャパン株式会社url:http://www.siemens.com/answers/jp/ja/

Trust: 0.8

title:Patch for the Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/32993

Trust: 0.6

title:Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.url:https://www.cnvd.org.cn/patchInfo/show/33002

Trust: 0.6

sources: CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // JVNDB: JVNDB-2013-001987

EXTERNAL IDS

db:NVDid:CVE-2013-0674

Trust: 3.9

db:ICS CERTid:ICSA-13-079-02

Trust: 2.8

db:SIEMENSid:SSA-714398

Trust: 2.0

db:BIDid:58545

Trust: 1.5

db:CNNVDid:CNNVD-201303-442

Trust: 1.1

db:CNVDid:CNVD-2013-02175

Trust: 0.8

db:CNVDid:CNVD-2013-02143

Trust: 0.8

db:JVNDBid:JVNDB-2013-001987

Trust: 0.8

db:CNNVDid:CNNVD-201303-363

Trust: 0.6

db:IVDid:CB5589EC-1F2F-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:08E4D3E0-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-60676

Trust: 0.1

db:PACKETSTORMid:120899

Trust: 0.1

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // BID: 58545 // JVNDB: JVNDB-2013-001987 // PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

REFERENCES

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

Trust: 2.0

url:http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf

Trust: 2.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0674

Trust: 1.4

url:http://www.securityfocus.com/bid/58545

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0674

Trust: 0.8

url:http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf

Trust: 0.8

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-0677

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0675

Trust: 0.1

sources: CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // BID: 58545 // JVNDB: JVNDB-2013-001987 // PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

CREDITS

Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies

Trust: 0.9

sources: BID: 58545 // CNNVD: CNNVD-201303-363

SOURCES

db:IVDid:cb5589ec-1f2f-11e6-abef-000c29c66e3d
db:IVDid:08e4d3e0-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-02143
db:CNVDid:CNVD-2013-02175
db:VULHUBid:VHN-60676
db:BIDid:58545
db:JVNDBid:JVNDB-2013-001987
db:PACKETSTORMid:120899
db:CNNVDid:CNNVD-201303-363
db:CNNVDid:CNNVD-201303-442
db:NVDid:CVE-2013-0674

LAST UPDATE DATE

2024-08-14T14:06:52.435000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-02143date:2013-03-26T00:00:00
db:CNVDid:CNVD-2013-02175date:2013-03-26T00:00:00
db:VULHUBid:VHN-60676date:2013-03-22T00:00:00
db:BIDid:58545date:2013-04-02T15:37:00
db:JVNDBid:JVNDB-2013-001987date:2013-03-25T00:00:00
db:CNNVDid:CNNVD-201303-363date:2013-03-19T00:00:00
db:CNNVDid:CNNVD-201303-442date:2013-03-25T00:00:00
db:NVDid:CVE-2013-0674date:2013-03-22T13:49:57.633

SOURCES RELEASE DATE

db:IVDid:cb5589ec-1f2f-11e6-abef-000c29c66e3ddate:2013-03-26T00:00:00
db:IVDid:08e4d3e0-2353-11e6-abef-000c29c66e3ddate:2013-03-26T00:00:00
db:CNVDid:CNVD-2013-02143date:2013-03-26T00:00:00
db:CNVDid:CNVD-2013-02175date:2013-03-26T00:00:00
db:VULHUBid:VHN-60676date:2013-03-21T00:00:00
db:BIDid:58545date:2013-03-15T00:00:00
db:JVNDBid:JVNDB-2013-001987date:2013-03-25T00:00:00
db:PACKETSTORMid:120899date:2013-03-21T15:07:17
db:CNNVDid:CNNVD-201303-363date:2013-03-19T00:00:00
db:CNNVDid:CNNVD-201303-442date:2013-03-22T00:00:00
db:NVDid:CVE-2013-0674date:2013-03-21T15:55:01.533