ID

VAR-201308-0266


CVE

CVE-2013-4911


TITLE

Siemens SIMATIC WinCC TIA Portal Cross-Site Request Forgery Vulnerability

Trust: 1.4

sources: IVD: ce456e70-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11280 // CNNVD: CNNVD-201307-681

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Siemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems. A remote attacker can exploit this vulnerability to hijack user authentication through incorrectly configured SIMATIC HMI panels of WinCC products

Trust: 2.7

sources: NVD: CVE-2013-4911 // JVNDB: JVNDB-2013-003626 // CNVD: CNVD-2013-11280 // BID: 61536 // IVD: ce456e70-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-64913

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ce456e70-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11280

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:eqversion:11.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:12.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:eqversion:11

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:12

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:12 sp1

Trust: 0.8

vendor:winccmodel: - scope:eqversion:11.0

Trust: 0.6

vendor:siemensmodel:simatic wincc tia portalscope:eqversion:12.x

Trust: 0.6

vendor:winccmodel: - scope:eqversion:12.0

Trust: 0.2

sources: IVD: ce456e70-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11280 // JVNDB: JVNDB-2013-003626 // CNNVD: CNNVD-201307-681 // NVD: CVE-2013-4911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4911
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4911
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-11280
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-681
value: MEDIUM

Trust: 0.6

IVD: ce456e70-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-64913
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-4911
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-11280
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ce456e70-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-64913
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ce456e70-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11280 // VULHUB: VHN-64913 // JVNDB: JVNDB-2013-003626 // CNNVD: CNNVD-201307-681 // NVD: CVE-2013-4911

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-64913 // JVNDB: JVNDB-2013-003626 // NVD: CVE-2013-4911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-681

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-681

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003626

PATCH

title:SSA-064884url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC TIA Portal cross-site request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/37986

Trust: 0.6

sources: CNVD: CNVD-2013-11280 // JVNDB: JVNDB-2013-003626

EXTERNAL IDS

db:NVDid:CVE-2013-4911

Trust: 3.7

db:BIDid:61536

Trust: 2.6

db:SIEMENSid:SSA-064884

Trust: 2.3

db:ICS CERTid:ICSA-13-213-02

Trust: 1.9

db:SECUNIAid:54051

Trust: 1.7

db:SECUNIAid:54252

Trust: 1.1

db:CNNVDid:CNNVD-201307-681

Trust: 0.9

db:CNVDid:CNVD-2013-11280

Trust: 0.8

db:JVNDBid:JVNDB-2013-003626

Trust: 0.8

db:IVDid:CE456E70-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:122647

Trust: 0.2

db:VULHUBid:VHN-64913

Trust: 0.1

sources: IVD: ce456e70-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11280 // VULHUB: VHN-64913 // BID: 61536 // JVNDB: JVNDB-2013-003626 // PACKETSTORM: 122647 // CNNVD: CNNVD-201307-681 // NVD: CVE-2013-4911

REFERENCES

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-13-213-02

Trust: 1.9

url:http://www.securityfocus.com/bid/61536

Trust: 1.7

url:http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html

Trust: 1.1

url:http://secunia.com/advisories/54051

Trust: 1.1

url:http://secunia.com/advisories/54252

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86099

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4911

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4911

Trust: 0.8

url:http://www.secunia.com/advisories/54051/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-4911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4912

Trust: 0.1

sources: CNVD: CNVD-2013-11280 // VULHUB: VHN-64913 // JVNDB: JVNDB-2013-003626 // PACKETSTORM: 122647 // CNNVD: CNNVD-201307-681 // NVD: CVE-2013-4911

CREDITS

Timur Yunusov and Sergey Bobrov from Positive Technologies

Trust: 0.9

sources: BID: 61536 // CNNVD: CNNVD-201307-681

SOURCES

db:IVDid:ce456e70-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-11280
db:VULHUBid:VHN-64913
db:BIDid:61536
db:JVNDBid:JVNDB-2013-003626
db:PACKETSTORMid:122647
db:CNNVDid:CNNVD-201307-681
db:NVDid:CVE-2013-4911

LAST UPDATE DATE

2024-08-14T15:19:16.822000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-11280date:2013-08-05T00:00:00
db:VULHUBid:VHN-64913date:2017-08-29T00:00:00
db:BIDid:61536date:2013-08-01T17:55:00
db:JVNDBid:JVNDB-2013-003626date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201307-681date:2013-08-06T00:00:00
db:NVDid:CVE-2013-4911date:2017-08-29T01:33:41.200

SOURCES RELEASE DATE

db:IVDid:ce456e70-2352-11e6-abef-000c29c66e3ddate:2013-08-05T00:00:00
db:CNVDid:CNVD-2013-11280date:2013-08-02T00:00:00
db:VULHUBid:VHN-64913date:2013-08-01T00:00:00
db:BIDid:61536date:2013-07-31T00:00:00
db:JVNDBid:JVNDB-2013-003626date:2013-08-05T00:00:00
db:PACKETSTORMid:122647date:2013-08-02T03:07:16
db:CNNVDid:CNNVD-201307-681date:2013-07-31T00:00:00
db:NVDid:CVE-2013-4911date:2013-08-01T13:32:26.113