ID

VAR-201306-0123


CVE

CVE-2013-3927


TITLE

Siemens COMOS Local Security Bypass Vulnerability

Trust: 0.8

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763

DESCRIPTION

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access. Siemens COMOS is Siemens' all-in-one software solution for designing and managing plant and machinery assets throughout their lifecycle. Siemens COMOS is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information, which may aid in further attacks. Versions prior to Siemens COMOS 10.0.3.0.4 and 9.2.0.6.10 are vulnerable.

Trust: 2.7

sources: NVD: CVE-2013-3927 // JVNDB: JVNDB-2013-003075 // CNVD: CNVD-2013-07763 // BID: 60609 // IVD: e55c58da-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-63929

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763

AFFECTED PRODUCTS

vendor: siemens, model: comos, scope: eq, version: 9.2

Trust: 2.2

vendor: siemens, model: comos, scope: eq, version: 10.0

Trust: 2.2

vendor: siemens, model: comos, scope: lt, version: 9.2

Trust: 0.8

vendor: siemens, model: comos, scope: eq, version: 9.2.0.6.10

Trust: 0.8

vendor: siemens, model: comos, scope: lt, version: 10.0

Trust: 0.8

vendor: siemens, model: comos, scope: eq, version: 10.0.3.0.4

Trust: 0.8

vendor: comos, model: -, scope: eq, version: 9.2

Trust: 0.2

vendor: comos, model: -, scope: eq, version: 10.0

Trust: 0.2

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3927
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3927
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-07763
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201306-291
value: MEDIUM

Trust: 0.6

IVD: e55c58da-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-63929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3927
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-07763
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e55c58da-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-63929
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763 // VULHUB: VHN-63929 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-3927

THREAT TYPE

local

Trust: 0.9

sources: BID: 60609 // CNNVD: CNNVD-201306-291

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 60609

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003075

PATCH

title: SSA-194865: Security Vulnerability in Siemens COMOS
url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-194865.pdf

Trust: 0.8

title: Siemens COMOS Local Security Bypass Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/34711

Trust: 0.6

sources: CNVD: CNVD-2013-07763 // JVNDB: JVNDB-2013-003075

EXTERNAL IDS

db: NVD, id: CVE-2013-3927

Trust: 3.6

db: SIEMENS, id: SSA-194865

Trust: 2.3

db: BID, id: 60609

Trust: 1.0

db: CNNVD, id: CNNVD-201306-291

Trust: 0.9

db: CNVD, id: CNVD-2013-07763

Trust: 0.8

db: ICS CERT, id: ICSA-13-169-03

Trust: 0.8

db: JVNDB, id: JVNDB-2013-003075

Trust: 0.8

db: IVD, id: E55C58DA-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-63929

Trust: 0.1

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763 // VULHUB: VHN-63929 // BID: 60609 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

REFERENCES

url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-194865.pdf

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3927

Trust: 0.8

url: http://ics-cert.us-cert.gov/advisories/icsa-13-169-03

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3927

Trust: 0.8

url: http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2013-07763 // VULHUB: VHN-63929 // BID: 60609 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

CREDITS

Reported by the vendor

Trust: 0.3

sources: BID: 60609

SOURCES

db: IVD, id: e55c58da-2352-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-07763
db: VULHUB, id: VHN-63929
db: BID, id: 60609
db: JVNDB, id: JVNDB-2013-003075
db: CNNVD, id: CNNVD-201306-291
db: NVD, id: CVE-2013-3927

LAST UPDATE DATE

2024-08-14T15:14:04.793000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-07763, date: 2013-06-20T00:00:00
db: VULHUB, id: VHN-63929, date: 2013-06-19T00:00:00
db: BID, id: 60609, date: 2013-06-19T06:57:00
db: JVNDB, id: JVNDB-2013-003075, date: 2013-06-20T00:00:00
db: CNNVD, id: CNNVD-201306-291, date: 2013-06-19T00:00:00
db: NVD, id: CVE-2013-3927, date: 2013-06-19T04:00:00

SOURCES RELEASE DATE

db: IVD, id: e55c58da-2352-11e6-abef-000c29c66e3d, date: 2013-06-20T00:00:00
db: CNVD, id: CNVD-2013-07763, date: 2013-06-20T00:00:00
db: VULHUB, id: VHN-63929, date: 2013-06-18T00:00:00
db: BID, id: 60609, date: 2013-06-18T00:00:00
db: JVNDB, id: JVNDB-2013-003075, date: 2013-06-20T00:00:00
db: CNNVD, id: CNNVD-201306-291, date: 2013-06-19T00:00:00
db: NVD, id: CVE-2013-3927, date: 2013-06-18T18:55:09.350