Sign-up

ID

VAR-201402-0262


CVE

CVE-2014-1698


TITLE

SIEMENS SIMATIC WinCC Open Architecture Information Disclosure Vulnerability

Trust: 1.1

sources: IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00737 // BID: 65349

DESCRIPTION

Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to read arbitrary files via crafted packets to TCP port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. SIEMENS SIMATIC WinCC Open Architecture has an information disclosure vulnerability that can be exploited by remote attackers to obtain sensitive information. The system is mainly applicable to industries such as rail transit, building automation and public power supply. There is a directory traversal vulnerability in Siemens SIMATIC WinCC OA 3.12 and earlier versions

Trust: 2.7

sources: NVD: CVE-2014-1698 // JVNDB: JVNDB-2014-001341 // CNVD: CNVD-2014-00737 // BID: 65349 // IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-69637

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00737

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc open architecturescope:lteversion:3.12

Trust: 1.0

vendor:siemensmodel:simatic wincc oascope:ltversion:3.12 p002 january

Trust: 0.8

vendor:siemensmodel:simatic wincc open architecturescope:ltversion:3.12

Trust: 0.6

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.12

Trust: 0.6

vendor:simatic wincc open architecturemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00737 // JVNDB: JVNDB-2014-001341 // CNNVD: CNNVD-201402-088 // NVD: CVE-2014-1698

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1698
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1698
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00737
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-088
value: MEDIUM

Trust: 0.6

IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-69637
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1698
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00737
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-69637
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00737 // VULHUB: VHN-69637 // JVNDB: JVNDB-2014-001341 // CNNVD: CNNVD-201402-088 // NVD: CVE-2014-1698

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-69637 // JVNDB: JVNDB-2014-001341 // NVD: CVE-2014-1698

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-088

TYPE

Path traversal

Trust: 0.8

sources: IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-088

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001341

PATCH
title:SSA-342587url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
Trust: 0.8
title:SIEMENS SIMATIC WinCC Open Architecture Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/43369
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00737 // 
            
            
            
            JVNDB: JVNDB-2014-001341

EXTERNAL IDS
db:NVDid:CVE-2014-1698
Trust: 3.6
db:ICS CERTid:ICSA-14-035-01
Trust: 2.8
db:BIDid:65349
Trust: 2.0
db:SIEMENSid:SSA-342587
Trust: 2.0
db:SECUNIAid:56651
Trust: 1.1
db:OSVDBid:102811
Trust: 1.1
db:CNNVDid:CNNVD-201402-088
Trust: 0.9
db:CNVDid:CNVD-2014-00737
Trust: 0.8
db:JVNDBid:JVNDB-2014-001341
Trust: 0.8
db:IVDid:3B5D689C-2352-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-69637
Trust: 0.1
sources:
            
            
            IVD: 3b5d689c-2352-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2014-00737 // 
            
            
            
            VULHUB: VHN-69637 // 
            
            
            
            BID: 65349 // 
            
            
            
            JVNDB: JVNDB-2014-001341 // 
            
            
            
            CNNVD: CNNVD-201402-088 // 
            
            
            
            NVD: CVE-2014-1698

REFERENCES
url:http://ics-cert.us-cert.gov/advisories/icsa-14-035-01
Trust: 2.8
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf
Trust: 2.0
url:http://www.securityfocus.com/bid/65349
Trust: 1.7
url:http://osvdb.org/102811
Trust: 1.1
url:http://secunia.com/advisories/56651
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90935
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1698
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1698
Trust: 0.8
url:http://www.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00737 // 
            
            
            
            VULHUB: VHN-69637 // 
            
            
            
            BID: 65349 // 
            
            
            
            JVNDB: JVNDB-2014-001341 // 
            
            
            
            CNNVD: CNNVD-201402-088 // 
            
            
            
            NVD: CVE-2014-1698

CREDITS
Gleb Gritsai, Ilya Karpov, and Kirill Nesterov of Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 65349

SOURCES
db:IVDid:3b5d689c-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00737
db:VULHUBid:VHN-69637
db:BIDid:65349
db:JVNDBid:JVNDB-2014-001341
db:CNNVDid:CNNVD-201402-088
db:NVDid:CVE-2014-1698

LAST UPDATE DATE
2024-08-14T14:46:48.545000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00737date:2014-02-13T00:00:00
db:VULHUBid:VHN-69637date:2017-08-29T00:00:00
db:BIDid:65349date:2014-02-05T00:00:00
db:JVNDBid:JVNDB-2014-001341date:2014-02-10T00:00:00
db:CNNVDid:CNNVD-201402-088date:2014-02-11T00:00:00
db:NVDid:CVE-2014-1698date:2017-08-29T01:34:27.560

SOURCES RELEASE DATE
db:IVDid:3b5d689c-2352-11e6-abef-000c29c66e3ddate:2014-02-13T00:00:00
db:CNVDid:CNVD-2014-00737date:2014-02-12T00:00:00
db:VULHUBid:VHN-69637date:2014-02-07T00:00:00
db:BIDid:65349date:2014-02-05T00:00:00
db:JVNDBid:JVNDB-2014-001341date:2014-02-10T00:00:00
db:CNNVDid:CNNVD-201402-088date:2014-02-11T00:00:00
db:NVDid:CVE-2014-1698date:2014-02-07T04:52:04.443