ID

VAR-201402-0263


CVE

CVE-2014-1699


TITLE

SIEMENS SIMATIC WinCC Denial of service vulnerability

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736

DESCRIPTION

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. A security vulnerability exists in SIEMENS SIMATIC WinCC OA prior to 3.12. A remote attacker can exploit a vulnerability to cause a denial of service attack. SIEMENS SIMATIC WinCC Open Architecture is prone to denial-of-service vulnerability. The system is mainly applicable to industries such as rail transit, building automation and public power supply

Trust: 2.7

sources: NVD: CVE-2014-1699 // JVNDB: JVNDB-2014-001342 // CNVD: CNVD-2014-00736 // BID: 65347 // IVD: 3b596846-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-69638

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc open architecturescope:lteversion:3.12

Trust: 1.0

vendor:siemensmodel:simatic wincc oascope:ltversion:3.12 p002 january

Trust: 0.8

vendor:siemensmodel:simatic wincc open architecturescope:ltversion:3.12

Trust: 0.6

vendor:siemensmodel:simatic wincc open architecturescope:eqversion:3.12

Trust: 0.6

vendor:siemensmodel:simatic wincc oascope:eqversion:3.12

Trust: 0.3

vendor:siemensmodel:simatic wincc oa p002scope:neversion:3.12

Trust: 0.3

vendor:simatic wincc open architecturemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1699
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1699
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00736
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201402-089
value: MEDIUM

Trust: 0.6

IVD: 3b596846-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-69638
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1699
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 3b596846-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-69638
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-69638 // JVNDB: JVNDB-2014-001342 // NVD: CVE-2014-1699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-089

TYPE

Resource management error

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001342

PATCH

title:SSA-342587url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf

Trust: 0.8

title:Patch for SIEMENS SIMATIC WinCC Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/43364

Trust: 0.6

sources: CNVD: CNVD-2014-00736 // JVNDB: JVNDB-2014-001342

EXTERNAL IDS

db:NVDid:CVE-2014-1699

Trust: 3.6

db:ICS CERTid:ICSA-14-035-01

Trust: 2.8

db:BIDid:65347

Trust: 2.0

db:SIEMENSid:SSA-342587

Trust: 2.0

db:SECUNIAid:56651

Trust: 1.1

db:OSVDBid:102812

Trust: 1.1

db:CNNVDid:CNNVD-201402-089

Trust: 0.9

db:CNVDid:CNVD-2014-00736

Trust: 0.8

db:JVNDBid:JVNDB-2014-001342

Trust: 0.8

db:IVDid:3B596846-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-69638

Trust: 0.1

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-035-01

Trust: 2.8

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf

Trust: 2.0

url:http://www.securityfocus.com/bid/65347

Trust: 1.7

url:http://osvdb.org/102812

Trust: 1.1

url:http://secunia.com/advisories/56651

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90936

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1699

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1699

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

url:http://www.securelist.com/en/advisories/56651

Trust: 0.3

sources: CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

CREDITS

Gleb Gritsai, Ilya Karpov, and Kirill Nesterov.

Trust: 0.3

sources: BID: 65347

SOURCES

db:IVDid:3b596846-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-00736
db:VULHUBid:VHN-69638
db:BIDid:65347
db:JVNDBid:JVNDB-2014-001342
db:CNNVDid:CNNVD-201402-089
db:NVDid:CVE-2014-1699

LAST UPDATE DATE

2024-08-14T14:46:48.417000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-00736date:2014-02-13T00:00:00
db:VULHUBid:VHN-69638date:2017-08-29T00:00:00
db:BIDid:65347date:2014-02-04T00:00:00
db:JVNDBid:JVNDB-2014-001342date:2014-02-10T00:00:00
db:CNNVDid:CNNVD-201402-089date:2014-02-11T00:00:00
db:NVDid:CVE-2014-1699date:2017-08-29T01:34:27.623

SOURCES RELEASE DATE

db:IVDid:3b596846-2352-11e6-abef-000c29c66e3ddate:2014-02-13T00:00:00
db:CNVDid:CNVD-2014-00736date:2014-02-12T00:00:00
db:VULHUBid:VHN-69638date:2014-02-07T00:00:00
db:BIDid:65347date:2014-02-04T00:00:00
db:JVNDBid:JVNDB-2014-001342date:2014-02-10T00:00:00
db:CNNVDid:CNNVD-201402-089date:2014-02-11T00:00:00
db:NVDid:CVE-2014-1699date:2014-02-07T04:52:04.457