Sign-up

ID

VAR-201306-0123


CVE

CVE-2013-3927


TITLE

Siemens COMOS Local Security Bypass Vulnerability

Trust: 0.8

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763

DESCRIPTION

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access. Siemens COMOS is Siemens' all-in-one software solution that designs and manages the entire plant and machinery assets throughout their lifecycle. Siemens COMOS is prone to a local security-bypass vulnerability. Local attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information which may aid in further attacks. Versions prior to Siemens COMOS 10.0.3.0.4 and 9.2.0.6.10 are vulnerable

Trust: 2.7

sources: NVD: CVE-2013-3927 // JVNDB: JVNDB-2013-003075 // CNVD: CNVD-2013-07763 // BID: 60609 // IVD: e55c58da-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-63929

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763

AFFECTED PRODUCTS

vendor:siemensmodel:comosscope:eqversion:9.2

Trust: 2.2

vendor:siemensmodel:comosscope:eqversion:10.0

Trust: 2.2

vendor:siemensmodel:comosscope:ltversion:9.2

Trust: 0.8

vendor:siemensmodel:comosscope:eqversion:9.2.0.6.10

Trust: 0.8

vendor:siemensmodel:comosscope:ltversion:10.0

Trust: 0.8

vendor:siemensmodel:comosscope:eqversion:10.0.3.0.4

Trust: 0.8

vendor:comosmodel: - scope:eqversion:9.2

Trust: 0.2

vendor:comosmodel: - scope:eqversion:10.0

Trust: 0.2

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3927
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3927
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-07763
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201306-291
value: MEDIUM

Trust: 0.6

IVD: e55c58da-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-63929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3927
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-07763
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e55c58da-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-63929
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e55c58da-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-07763 // VULHUB: VHN-63929 // JVNDB: JVNDB-2013-003075 // CNNVD: CNNVD-201306-291 // NVD: CVE-2013-3927

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2013-3927

THREAT TYPE

local

Trust: 0.9

sources: BID: 60609 // CNNVD: CNNVD-201306-291

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 60609

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003075

PATCH
title:SSA-194865: Security Vulnerability in Siemens COMOSurl:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-194865.pdf
Trust: 0.8
title:Siemens COMOS Local Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/34711
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-07763 // 
            
            
            
            JVNDB: JVNDB-2013-003075

EXTERNAL IDS
db:NVDid:CVE-2013-3927
Trust: 3.6
db:SIEMENSid:SSA-194865
Trust: 2.3
db:BIDid:60609
Trust: 1.0
db:CNNVDid:CNNVD-201306-291
Trust: 0.9
db:CNVDid:CNVD-2013-07763
Trust: 0.8
db:ICS CERTid:ICSA-13-169-03
Trust: 0.8
db:JVNDBid:JVNDB-2013-003075
Trust: 0.8
db:IVDid:E55C58DA-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-63929
Trust: 0.1
sources:
            
            
            IVD: e55c58da-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-07763 // 
            
            
            
            VULHUB: VHN-63929 // 
            
            
            
            BID: 60609 // 
            
            
            
            JVNDB: JVNDB-2013-003075 // 
            
            
            
            CNNVD: CNNVD-201306-291 // 
            
            
            
            NVD: CVE-2013-3927

REFERENCES
url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-194865.pdf
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3927
Trust: 0.8
url:http://ics-cert.us-cert.gov/advisories/icsa-13-169-03
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3927
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-07763 // 
            
            
            
            VULHUB: VHN-63929 // 
            
            
            
            BID: 60609 // 
            
            
            
            JVNDB: JVNDB-2013-003075 // 
            
            
            
            CNNVD: CNNVD-201306-291 // 
            
            
            
            NVD: CVE-2013-3927

CREDITS
Reported by the vendor
Trust: 0.3
sources:
            
            
            BID: 60609

SOURCES
db:IVDid:e55c58da-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-07763
db:VULHUBid:VHN-63929
db:BIDid:60609
db:JVNDBid:JVNDB-2013-003075
db:CNNVDid:CNNVD-201306-291
db:NVDid:CVE-2013-3927

LAST UPDATE DATE
2024-08-14T15:14:04.793000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-07763date:2013-06-20T00:00:00
db:VULHUBid:VHN-63929date:2013-06-19T00:00:00
db:BIDid:60609date:2013-06-19T06:57:00
db:JVNDBid:JVNDB-2013-003075date:2013-06-20T00:00:00
db:CNNVDid:CNNVD-201306-291date:2013-06-19T00:00:00
db:NVDid:CVE-2013-3927date:2013-06-19T04:00:00

SOURCES RELEASE DATE
db:IVDid:e55c58da-2352-11e6-abef-000c29c66e3ddate:2013-06-20T00:00:00
db:CNVDid:CNVD-2013-07763date:2013-06-20T00:00:00
db:VULHUBid:VHN-63929date:2013-06-18T00:00:00
db:BIDid:60609date:2013-06-18T00:00:00
db:JVNDBid:JVNDB-2013-003075date:2013-06-20T00:00:00
db:CNNVDid:CNNVD-201306-291date:2013-06-19T00:00:00
db:NVDid:CVE-2013-3927date:2013-06-18T18:55:09.350