Details of VAR-201303-0256

ID

VAR-201303-0256

CVE

CVE-2013-0674

TITLE

Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerability

Trust: 1.4

sources: IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNNVD: CNNVD-201303-442

DESCRIPTION

Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. Siemens SIMATIC PCS is a process control system. Code. Multiple information-disclosure vulnerabilities 2. A directory-traversal vulnerability 3. Failed exploit attempts will result in a denial-of-service conditions

Trust: 3.42

sources: NVD: CVE-2013-0674 // JVNDB: JVNDB-2013-001987 // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // BID: 58545 // IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-60676

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175

AFFECTED PRODUCTS

vendor:	siemens	model:	wincc	scope:	eq	version:	6.0	Trust: 1.6
vendor:	siemens	model:	simatic pcs7	scope:	eq	version:	7.1	Trust: 1.6
vendor:	siemens	model:	wincc	scope:	eq	version:	7.0	Trust: 1.6
vendor:	siemens	model:	wincc	scope:	eq	version:	5.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	7.2	Trust: 1.4
vendor:	siemens	model:	simatic pcs7	scope:	lte	version:	8.0	Trust: 1.0
vendor:	siemens	model:	wincc	scope:	lte	version:	7.1	Trust: 1.0
vendor:	wincc	model:	-	scope:	eq	version:	6.0	Trust: 0.8
vendor:	wincc	model:	-	scope:	eq	version:	7.0	Trust: 0.8
vendor:	siemens	model:	simatic pcs 7	scope:	lt	version:	8.0 sp1	Trust: 0.8
vendor:	siemens	model:	wincc	scope:	lt	version:	7.2	Trust: 0.6
vendor:	siemens	model:	simatic pcs sp1	scope:	eq	version:	7<8.0	Trust: 0.6
vendor:	siemens	model:	simatic pcs7	scope:	eq	version:	8.0	Trust: 0.6
vendor:	wincc	model:	-	scope:	eq	version:	5.0	Trust: 0.4
vendor:	siemens	model:	simatic wincc siemens simatic pcs sp1	scope:	lt	version:	7.27<8.0	Trust: 0.2
vendor:	simatic pcs7	model:	-	scope:	eq	version:	7.1	Trust: 0.2
vendor:	simatic pcs7	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wincc	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // JVNDB: JVNDB-2013-001987 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0674
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0674
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-02143
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2013-02175
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201303-442
value:	MEDIUM
Trust: 0.6
IVD:	cb5589ec-1f2f-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	08e4d3e0-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-60676
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-0674
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-02143
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2013-02175
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	cb5589ec-1f2f-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	08e4d3e0-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-60676
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // JVNDB: JVNDB-2013-001987 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-60676 // JVNDB: JVNDB-2013-001987 // NVD: CVE-2013-0674

THREAT TYPE

remote

Trust: 1.3

sources: PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201303-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001987

PATCH

title:	Top Page	url:	http://www.siemens.com/entry/cc/en/	Trust: 0.8
title:	SSA-714398: Vulnerabilities in WinCC 7.0 SP3 Update 1	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/answers/jp/ja/	Trust: 0.8
title:	Patch for the Siemens WinCC RegReader ActiveX Control Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/32993	Trust: 0.6
title:	Siemens SIMATIC WinCC and PCS 7 have patches for multiple vulnerabilities such as information leakage, directory traversal, buffer overflows, etc.	url:	https://www.cnvd.org.cn/patchInfo/show/33002	Trust: 0.6

sources: CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // JVNDB: JVNDB-2013-001987

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0674	Trust: 3.9
db:	ICS CERT	id:	ICSA-13-079-02	Trust: 2.8
db:	SIEMENS	id:	SSA-714398	Trust: 2.0
db:	BID	id:	58545	Trust: 1.5
db:	CNNVD	id:	CNNVD-201303-442	Trust: 1.1
db:	CNVD	id:	CNVD-2013-02175	Trust: 0.8
db:	CNVD	id:	CNVD-2013-02143	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001987	Trust: 0.8
db:	CNNVD	id:	CNNVD-201303-363	Trust: 0.6
db:	IVD	id:	CB5589EC-1F2F-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	08E4D3E0-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-60676	Trust: 0.1
db:	PACKETSTORM	id:	120899	Trust: 0.1

sources: IVD: cb5589ec-1f2f-11e6-abef-000c29c66e3d // IVD: 08e4d3e0-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // BID: 58545 // JVNDB: JVNDB-2013-001987 // PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

REFERENCES

url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf	Trust: 2.0
url:	http://ics-cert.us-cert.gov/pdf/icsa-13-079-02.pdf	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0674	Trust: 1.4
url:	http://www.securityfocus.com/bid/58545	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0674	Trust: 0.8
url:	http://ics-cert.us-cert.gov/pdf/icsa-13-079-02-a.pdf	Trust: 0.8
url:	http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0677	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0674	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0678	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0676	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0679	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0675	Trust: 0.1

sources: CNVD: CNVD-2013-02143 // CNVD: CNVD-2013-02175 // VULHUB: VHN-60676 // BID: 58545 // JVNDB: JVNDB-2013-001987 // PACKETSTORM: 120899 // CNNVD: CNNVD-201303-363 // CNNVD: CNNVD-201303-442 // NVD: CVE-2013-0674

CREDITS

Vendor, Gleb Gritsai and Sergey Gordeychik from Positive Technologies

Trust: 0.9

sources: BID: 58545 // CNNVD: CNNVD-201303-363

SOURCES

db:	IVD	id:	cb5589ec-1f2f-11e6-abef-000c29c66e3d
db:	IVD	id:	08e4d3e0-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-02143
db:	CNVD	id:	CNVD-2013-02175
db:	VULHUB	id:	VHN-60676
db:	BID	id:	58545
db:	JVNDB	id:	JVNDB-2013-001987
db:	PACKETSTORM	id:	120899
db:	CNNVD	id:	CNNVD-201303-363
db:	CNNVD	id:	CNNVD-201303-442
db:	NVD	id:	CVE-2013-0674

LAST UPDATE DATE

2024-08-14T14:06:52.435000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-02143	date:	2013-03-26T00:00:00
db:	CNVD	id:	CNVD-2013-02175	date:	2013-03-26T00:00:00
db:	VULHUB	id:	VHN-60676	date:	2013-03-22T00:00:00
db:	BID	id:	58545	date:	2013-04-02T15:37:00
db:	JVNDB	id:	JVNDB-2013-001987	date:	2013-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201303-363	date:	2013-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201303-442	date:	2013-03-25T00:00:00
db:	NVD	id:	CVE-2013-0674	date:	2013-03-22T13:49:57.633

SOURCES RELEASE DATE

db:	IVD	id:	cb5589ec-1f2f-11e6-abef-000c29c66e3d	date:	2013-03-26T00:00:00
db:	IVD	id:	08e4d3e0-2353-11e6-abef-000c29c66e3d	date:	2013-03-26T00:00:00
db:	CNVD	id:	CNVD-2013-02143	date:	2013-03-26T00:00:00
db:	CNVD	id:	CNVD-2013-02175	date:	2013-03-26T00:00:00
db:	VULHUB	id:	VHN-60676	date:	2013-03-21T00:00:00
db:	BID	id:	58545	date:	2013-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-001987	date:	2013-03-25T00:00:00
db:	PACKETSTORM	id:	120899	date:	2013-03-21T15:07:17
db:	CNNVD	id:	CNNVD-201303-363	date:	2013-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201303-442	date:	2013-03-22T00:00:00
db:	NVD	id:	CVE-2013-0674	date:	2013-03-21T15:55:01.533