Sign-up

ID

VAR-201312-0469


CVE

CVE-2013-6840


TITLE

Siemens COMOS Vulnerable to gaining database privileges

Trust: 0.8

sources: JVNDB: JVNDB-2013-005501

DESCRIPTION

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Siemens COMOS is a factory management software developed by Siemens. The attacker needs to be able to access the system as a windows user and must be able to access the COMOS object. Siemens COMOS is prone to a local privilege-escalation vulnerability. The following product versions are vulnerable: COMOS versions prior to 9.2 COMOS 9.2.x versions prior to 9.2.0.8.1 COMOS 10.0.x versions prior to 10.0.3.1.40 COMOS 10.1.x versions prior to 10.1.0.0.2. The software enables the holistic design and management of plant and machinery assets throughout their lifecycle

Trust: 2.88

sources: NVD: CVE-2013-6840 // JVNDB: JVNDB-2013-005501 // CNVD: CNVD-2013-14971 // BID: 64153 // IVD: 68c3a058-2352-11e6-abef-000c29c66e3d // IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d // VULHUB: VHN-66842

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 68c3a058-2352-11e6-abef-000c29c66e3d // IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14971

AFFECTED PRODUCTS

vendor:siemensmodel:comosscope:eqversion:9.2

Trust: 2.2

vendor:siemensmodel:comosscope:eqversion:10.0

Trust: 2.2

vendor:siemensmodel:comosscope:eqversion:10.1

Trust: 2.2

vendor:siemensmodel:comosscope:eqversion:9.2.0.6.10

Trust: 1.6

vendor:siemensmodel:comosscope:eqversion:10.0.3.0.4

Trust: 1.6

vendor:siemensmodel:comosscope:eqversion:10.1.0.0.2

Trust: 0.8

vendor:siemensmodel:comosscope:ltversion:10.1

Trust: 0.8

vendor:siemensmodel:comosscope:eqversion:10.0.3.1.40

Trust: 0.8

vendor:siemensmodel:comosscope:ltversion:10.0

Trust: 0.8

vendor:comosmodel: - scope:eqversion:9.2

Trust: 0.4

vendor:comosmodel: - scope:eqversion:9.2.0.6.10

Trust: 0.4

vendor:comosmodel: - scope:eqversion:10.0

Trust: 0.4

vendor:comosmodel: - scope:eqversion:10.0.3.0.4

Trust: 0.4

vendor:comosmodel: - scope:eqversion:10.1

Trust: 0.4

sources: IVD: 68c3a058-2352-11e6-abef-000c29c66e3d // IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14971 // JVNDB: JVNDB-2013-005501 // CNNVD: CNNVD-201312-174 // NVD: CVE-2013-6840

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6840
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6840
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14971
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-174
value: MEDIUM

Trust: 0.6

IVD: 68c3a058-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-66842
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6840
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14971
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 68c3a058-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-66842
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 68c3a058-2352-11e6-abef-000c29c66e3d // IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14971 // VULHUB: VHN-66842 // JVNDB: JVNDB-2013-005501 // CNNVD: CNNVD-201312-174 // NVD: CVE-2013-6840

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66842 // JVNDB: JVNDB-2013-005501 // NVD: CVE-2013-6840

THREAT TYPE

local

Trust: 0.9

sources: BID: 64153 // CNNVD: CNNVD-201312-174

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201312-174

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005501

PATCH
title:SSA-568732url:https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf
Trust: 0.8
title:Siemens COMOS Database Access Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/41533
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14971 // 
            
            
            
            JVNDB: JVNDB-2013-005501

EXTERNAL IDS
db:NVDid:CVE-2013-6840
Trust: 3.8
db:BIDid:64153
Trust: 2.6
db:SECUNIAid:56010
Trust: 2.3
db:SIEMENSid:SSA-568732
Trust: 2.3
db:CNNVDid:CNNVD-201312-174
Trust: 1.1
db:CNVDid:CNVD-2013-14971
Trust: 1.0
db:ICS CERTid:ICSA-13-347-01
Trust: 0.8
db:JVNDBid:JVNDB-2013-005501
Trust: 0.8
db:IVDid:68C3A058-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:27A69E3E-1EF9-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:SEEBUGid:SSVID-89635
Trust: 0.1
db:VULHUBid:VHN-66842
Trust: 0.1
sources:
            
            
            IVD: 68c3a058-2352-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 27a69e3e-1ef9-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-14971 // 
            
            
            
            VULHUB: VHN-66842 // 
            
            
            
            BID: 64153 // 
            
            
            
            JVNDB: JVNDB-2013-005501 // 
            
            
            
            CNNVD: CNNVD-201312-174 // 
            
            
            
            NVD: CVE-2013-6840

REFERENCES
url:https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf
Trust: 2.3
url:http://www.securityfocus.com/bid/64153
Trust: 1.7
url:http://secunia.com/advisories/56010
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6840
Trust: 0.8
url:http://ics-cert.us-cert.gov/advisories/icsa-13-347-01
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6840
Trust: 0.8
url:http://secunia.com/advisories/56010/
Trust: 0.6
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14971 // 
            
            
            
            VULHUB: VHN-66842 // 
            
            
            
            BID: 64153 // 
            
            
            
            JVNDB: JVNDB-2013-005501 // 
            
            
            
            CNNVD: CNNVD-201312-174 // 
            
            
            
            NVD: CVE-2013-6840

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 64153

SOURCES
db:IVDid:68c3a058-2352-11e6-abef-000c29c66e3d
db:IVDid:27a69e3e-1ef9-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-14971
db:VULHUBid:VHN-66842
db:BIDid:64153
db:JVNDBid:JVNDB-2013-005501
db:CNNVDid:CNNVD-201312-174
db:NVDid:CVE-2013-6840

LAST UPDATE DATE
2024-08-14T15:35:07.452000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14971date:2013-12-12T00:00:00
db:VULHUBid:VHN-66842date:2013-12-12T00:00:00
db:BIDid:64153date:2013-12-17T00:47:00
db:JVNDBid:JVNDB-2013-005501date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-174date:2013-12-12T00:00:00
db:NVDid:CVE-2013-6840date:2013-12-12T17:11:35.430

SOURCES RELEASE DATE
db:IVDid:68c3a058-2352-11e6-abef-000c29c66e3ddate:2013-12-12T00:00:00
db:IVDid:27a69e3e-1ef9-11e6-abef-000c29c66e3ddate:2013-12-12T00:00:00
db:CNVDid:CNVD-2013-14971date:2013-12-11T00:00:00
db:VULHUBid:VHN-66842date:2013-12-10T00:00:00
db:BIDid:64153date:2013-12-06T00:00:00
db:JVNDBid:JVNDB-2013-005501date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-174date:2013-12-12T00:00:00
db:NVDid:CVE-2013-6840date:2013-12-10T16:55:25.853