Details of VAR-201304-0148

ID

VAR-201304-0148

CVE

CVE-2013-0700

TITLE

Siemens SIMATIC Denial of service vulnerability

Trust: 0.8

sources: IVD: fa729f72-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201304-455

DESCRIPTION

Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port). SIEMENS SIMATIC S7-1200 is an automation application developed by Siemens. SIEMENS SIMATIC S7-1200 has an error in processing SNMP status information. An attacker can send a special message to UDP port 161 to put the device into defect mode. Allows an attacker to exploit a vulnerability for a denial of service attack. SIEMENS SIMATIC S7-1200 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Note: The issue described by SNMP status information has been moved to BID 59399 (SIEMENS SIMATIC S7-1200 CVE-2013-2780 Denial of Service Vulnerability) for better documentation. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC S7-1200 Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA51628 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51628/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51628 RELEASE DATE: 2012-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/51628/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51628/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51628 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SIMATIC S7-1200, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are reported in all 2.x and 3.x versions. SOLUTION: The vendor is currently working on a fix. No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Prof. Dr. Hartmut Pohl, softScheck GmbH 2) Arne Vidstrom, Swedish Defence Research Agency (FOI) ORIGINAL ADVISORY: SSA-724606: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.69

sources: NVD: CVE-2013-0700 // JVNDB: JVNDB-2012-005982 // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // BID: 57023 // IVD: fa729f72-2352-11e6-abef-000c29c66e3d // IVD: 17e8971c-1f45-11e6-abef-000c29c66e3d // IVD: 148b6054-1f45-11e6-abef-000c29c66e3d // VULHUB: VHN-60702 // PACKETSTORM: 119001

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.8

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.2	Trust: 1.5
vendor:	siemens	model:	simatic s7-1200	scope:	eq	version:	2.0.3	Trust: 1.5
vendor:	siemens	model:	simatic s7-1200 cpu 1215 fc	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212c	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1212fc	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214c	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1214 fc	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1211c	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1215c	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 cpu 1217c	scope:	lt	version:	4.0	Trust: 1.0
vendor:	siemens	model:	simatic s7-1200 micro plc	scope:	eq	version:	2.x	Trust: 0.8
vendor:	siemens	model:	simatic s7-1200 micro plc	scope:	eq	version:	3.x	Trust: 0.8
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.0	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.1	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	2.2	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	simatic s7 1200 plc	model:	-	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.2	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	3.0.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.1	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	siemens	model:	simatic s7-1200 plc	scope:	eq	version:	2.0	Trust: 0.6

sources: IVD: fa729f72-2352-11e6-abef-000c29c66e3d // IVD: 17e8971c-1f45-11e6-abef-000c29c66e3d // IVD: 148b6054-1f45-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // BID: 57023 // JVNDB: JVNDB-2012-005982 // CNNVD: CNNVD-201304-455 // NVD: CVE-2013-0700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0700
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-0700
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-455
value:	HIGH
Trust: 0.6
IVD:	fa729f72-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	17e8971c-1f45-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	148b6054-1f45-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-60702
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-0700
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	fa729f72-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	17e8971c-1f45-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	148b6054-1f45-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-60702
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: fa729f72-2352-11e6-abef-000c29c66e3d // IVD: 17e8971c-1f45-11e6-abef-000c29c66e3d // IVD: 148b6054-1f45-11e6-abef-000c29c66e3d // VULHUB: VHN-60702 // JVNDB: JVNDB-2012-005982 // CNNVD: CNNVD-201304-455 // NVD: CVE-2013-0700

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-60702 // JVNDB: JVNDB-2012-005982 // NVD: CVE-2013-0700

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201212-330 // CNNVD: CNNVD-201304-455

TYPE

Buffer overflow

Trust: 0.6

sources: IVD: fa729f72-2352-11e6-abef-000c29c66e3d // IVD: 17e8971c-1f45-11e6-abef-000c29c66e3d // IVD: 148b6054-1f45-11e6-abef-000c29c66e3d

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005982

PATCH

title:	Top Page	url:	http://www.siemens.com/entry/cc/en/	Trust: 0.8
title:	SSA-724606: Denial-of-Service Vulnerabilities in SIMATIC S7-1200 PLCs	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf	Trust: 0.8
title:	シーメンスソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	シーメンス・ジャパン株式会社	url:	http://www.siemens.com/answers/jp/ja/	Trust: 0.8
title:	Patch for SIEMENS SIMATIC TCP Packet Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/26797	Trust: 0.6
title:	SIEMENS SIMATIC SNMP Status Information Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/26796	Trust: 0.6

sources: CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // JVNDB: JVNDB-2012-005982

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0700	Trust: 3.4
db:	SIEMENS	id:	SSA-724606	Trust: 3.0
db:	BID	id:	57023	Trust: 2.2
db:	CNNVD	id:	CNNVD-201304-455	Trust: 1.2
db:	CNVD	id:	CNVD-2012-9288	Trust: 0.8
db:	CNVD	id:	CNVD-2012-9290	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-079-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-005982	Trust: 0.8
db:	CNNVD	id:	CNNVD-201212-330	Trust: 0.6
db:	IVD	id:	FA729F72-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	17E8971C-1F45-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	148B6054-1F45-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SECUNIA	id:	51628	Trust: 0.2
db:	VULHUB	id:	VHN-60702	Trust: 0.1
db:	PACKETSTORM	id:	119001	Trust: 0.1

sources: IVD: fa729f72-2352-11e6-abef-000c29c66e3d // IVD: 17e8971c-1f45-11e6-abef-000c29c66e3d // IVD: 148b6054-1f45-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // VULHUB: VHN-60702 // BID: 57023 // JVNDB: JVNDB-2012-005982 // PACKETSTORM: 119001 // CNNVD: CNNVD-201212-330 // CNNVD: CNNVD-201304-455 // NVD: CVE-2013-0700

REFERENCES

url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-724606.pdf	Trust: 1.7
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-724606.pdfhttp	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0700	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-079-01	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0700	Trust: 0.8
url:	http://www.securityfocus.com/bid/57023	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	http://secunia.com/advisories/51628/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51628	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/51628/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2012-9290 // CNVD: CNVD-2012-9288 // VULHUB: VHN-60702 // BID: 57023 // JVNDB: JVNDB-2012-005982 // PACKETSTORM: 119001 // CNNVD: CNNVD-201212-330 // CNNVD: CNNVD-201304-455 // NVD: CVE-2013-0700

CREDITS

Prof. Dr. Hartmut Pohl and Arne Vidstrom

Trust: 0.6

sources: CNNVD: CNNVD-201212-330

SOURCES

db:	IVD	id:	fa729f72-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	17e8971c-1f45-11e6-abef-000c29c66e3d
db:	IVD	id:	148b6054-1f45-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-9290
db:	CNVD	id:	CNVD-2012-9288
db:	VULHUB	id:	VHN-60702
db:	BID	id:	57023
db:	JVNDB	id:	JVNDB-2012-005982
db:	PACKETSTORM	id:	119001
db:	CNNVD	id:	CNNVD-201212-330
db:	CNNVD	id:	CNNVD-201304-455
db:	NVD	id:	CVE-2013-0700

LAST UPDATE DATE

2024-11-23T22:02:24.192000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-9290	date:	2012-12-25T00:00:00
db:	CNVD	id:	CNVD-2012-9288	date:	2012-12-25T00:00:00
db:	VULHUB	id:	VHN-60702	date:	2020-02-10T00:00:00
db:	BID	id:	57023	date:	2014-03-25T00:54:00
db:	JVNDB	id:	JVNDB-2012-005982	date:	2014-03-28T00:00:00
db:	CNNVD	id:	CNNVD-201212-330	date:	2012-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-455	date:	2022-02-07T00:00:00
db:	NVD	id:	CVE-2013-0700	date:	2024-11-21T01:48:01.540

SOURCES RELEASE DATE

db:	IVD	id:	fa729f72-2352-11e6-abef-000c29c66e3d	date:	2013-04-22T00:00:00
db:	IVD	id:	17e8971c-1f45-11e6-abef-000c29c66e3d	date:	2012-12-25T00:00:00
db:	IVD	id:	148b6054-1f45-11e6-abef-000c29c66e3d	date:	2012-12-25T00:00:00
db:	CNVD	id:	CNVD-2012-9290	date:	2012-12-25T00:00:00
db:	CNVD	id:	CNVD-2012-9288	date:	2012-12-25T00:00:00
db:	VULHUB	id:	VHN-60702	date:	2013-04-22T00:00:00
db:	BID	id:	57023	date:	2012-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2012-005982	date:	2013-04-23T00:00:00
db:	PACKETSTORM	id:	119001	date:	2012-12-21T08:03:21
db:	CNNVD	id:	CNNVD-201212-330	date:	2012-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-455	date:	2013-04-22T00:00:00
db:	NVD	id:	CVE-2013-0700	date:	2013-04-22T03:27:13.047