ID

VAR-201308-0267


CVE

CVE-2013-4912


TITLE

Siemens SIMATIC WinCC TIA Portal URL Redirection Vulnerability

Trust: 0.8

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11281

DESCRIPTION

Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. Siemens SIMATIC WinCC TIA Portal is prone to a remote URL-redirection vulnerability. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Siemens SIMATIC WinCC TIA Portal prior to 12SP1 are vulnerable. The software enables fast and intuitive development and commissioning of automation systems

Trust: 2.7

sources: NVD: CVE-2013-4912 // JVNDB: JVNDB-2013-003627 // CNVD: CNVD-2013-11281 // BID: 61535 // IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-64914

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11281

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:eqversion:11.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:12.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:eqversion:11

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:12

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:12 sp1

Trust: 0.8

vendor:winccmodel: - scope:eqversion:11.0

Trust: 0.6

vendor:siemensmodel:simatic wincc tia portalscope:eqversion:12.x

Trust: 0.6

vendor:winccmodel: - scope:eqversion:12.0

Trust: 0.2

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11281 // JVNDB: JVNDB-2013-003627 // CNNVD: CNNVD-201307-680 // NVD: CVE-2013-4912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4912
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-4912
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-11281
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201307-680
value: MEDIUM

Trust: 0.6

IVD: ce6aff78-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-64914
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-4912
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-11281
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ce6aff78-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-64914
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11281 // VULHUB: VHN-64914 // JVNDB: JVNDB-2013-003627 // CNNVD: CNNVD-201307-680 // NVD: CVE-2013-4912

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-64914 // JVNDB: JVNDB-2013-003627 // NVD: CVE-2013-4912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-680

TYPE

Input validation

Trust: 0.8

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201307-680

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003627

PATCH

title:SSA-064884url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC TIA Portal URL Redirection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/37987

Trust: 0.6

sources: CNVD: CNVD-2013-11281 // JVNDB: JVNDB-2013-003627

EXTERNAL IDS

db:NVDid:CVE-2013-4912

Trust: 3.7

db:BIDid:61535

Trust: 2.6

db:SIEMENSid:SSA-064884

Trust: 2.3

db:ICS CERTid:ICSA-13-213-02

Trust: 1.9

db:SECUNIAid:54051

Trust: 1.7

db:SECUNIAid:54252

Trust: 1.1

db:CNNVDid:CNNVD-201307-680

Trust: 0.9

db:CNVDid:CNVD-2013-11281

Trust: 0.8

db:JVNDBid:JVNDB-2013-003627

Trust: 0.8

db:IVDid:CE6AFF78-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-64914

Trust: 0.1

db:PACKETSTORMid:122647

Trust: 0.1

sources: IVD: ce6aff78-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-11281 // VULHUB: VHN-64914 // BID: 61535 // JVNDB: JVNDB-2013-003627 // PACKETSTORM: 122647 // CNNVD: CNNVD-201307-680 // NVD: CVE-2013-4912

REFERENCES

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-13-213-02

Trust: 1.9

url:http://www.securityfocus.com/bid/61535

Trust: 1.7

url:http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html

Trust: 1.1

url:http://secunia.com/advisories/54051

Trust: 1.1

url:http://secunia.com/advisories/54252

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86100

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4912

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4912

Trust: 0.8

url:http://www.secunia.com/advisories/54051/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-4911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4912

Trust: 0.1

sources: CNVD: CNVD-2013-11281 // VULHUB: VHN-64914 // JVNDB: JVNDB-2013-003627 // PACKETSTORM: 122647 // CNNVD: CNNVD-201307-680 // NVD: CVE-2013-4912

CREDITS

Timur Yunusov and Sergey Bobrov from Positive Technologies

Trust: 0.9

sources: BID: 61535 // CNNVD: CNNVD-201307-680

SOURCES

db:IVDid:ce6aff78-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-11281
db:VULHUBid:VHN-64914
db:BIDid:61535
db:JVNDBid:JVNDB-2013-003627
db:PACKETSTORMid:122647
db:CNNVDid:CNNVD-201307-680
db:NVDid:CVE-2013-4912

LAST UPDATE DATE

2024-08-14T15:19:16.868000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-11281date:2013-08-05T00:00:00
db:VULHUBid:VHN-64914date:2017-08-29T00:00:00
db:BIDid:61535date:2013-08-01T17:55:00
db:JVNDBid:JVNDB-2013-003627date:2013-08-05T00:00:00
db:CNNVDid:CNNVD-201307-680date:2013-08-06T00:00:00
db:NVDid:CVE-2013-4912date:2017-08-29T01:33:41.247

SOURCES RELEASE DATE

db:IVDid:ce6aff78-2352-11e6-abef-000c29c66e3ddate:2013-08-05T00:00:00
db:CNVDid:CNVD-2013-11281date:2013-08-02T00:00:00
db:VULHUBid:VHN-64914date:2013-08-01T00:00:00
db:BIDid:61535date:2013-07-31T00:00:00
db:JVNDBid:JVNDB-2013-003627date:2013-08-05T00:00:00
db:PACKETSTORMid:122647date:2013-08-02T03:07:16
db:CNNVDid:CNNVD-201307-680date:2013-07-31T00:00:00
db:NVDid:CVE-2013-4912date:2013-08-01T13:32:26.127