Details of VAR-201402-0263

ID

VAR-201402-0263

CVE

CVE-2014-1699

TITLE

SIEMENS SIMATIC WinCC Denial of service vulnerability

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736

DESCRIPTION

Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attackers to cause a denial of service (monitoring-service outage) via malformed HTTP requests to port 4999. Based on the Windows platform, Siemens SIMATIC WinCC provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to multi-user systems supporting redundant servers and remote web client solutions. A security vulnerability exists in SIEMENS SIMATIC WinCC OA prior to 3.12. A remote attacker can exploit a vulnerability to cause a denial of service attack. SIEMENS SIMATIC WinCC Open Architecture is prone to denial-of-service vulnerability. The system is mainly applicable to industries such as rail transit, building automation and public power supply

Trust: 2.7

sources: NVD: CVE-2014-1699 // JVNDB: JVNDB-2014-001342 // CNVD: CNVD-2014-00736 // BID: 65347 // IVD: 3b596846-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-69638

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc open architecture	scope:	lte	version:	3.12	Trust: 1.0
vendor:	siemens	model:	simatic wincc oa	scope:	lt	version:	3.12 p002 january	Trust: 0.8
vendor:	siemens	model:	simatic wincc open architecture	scope:	lt	version:	3.12	Trust: 0.6
vendor:	siemens	model:	simatic wincc open architecture	scope:	eq	version:	3.12	Trust: 0.6
vendor:	siemens	model:	simatic wincc oa	scope:	eq	version:	3.12	Trust: 0.3
vendor:	siemens	model:	simatic wincc oa p002	scope:	ne	version:	3.12	Trust: 0.3
vendor:	simatic wincc open architecture	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-1699
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-1699
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00736
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201402-089
value:	MEDIUM
Trust: 0.6
IVD:	3b596846-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-69638
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1699
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00736
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	3b596846-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-69638
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-69638 // JVNDB: JVNDB-2014-001342 // NVD: CVE-2014-1699

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-089

TYPE

Resource management error

Trust: 0.8

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201402-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001342

PATCH

title:	SSA-342587	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf	Trust: 0.8
title:	Patch for SIEMENS SIMATIC WinCC Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/43364	Trust: 0.6

sources: CNVD: CNVD-2014-00736 // JVNDB: JVNDB-2014-001342

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1699	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-035-01	Trust: 2.8
db:	BID	id:	65347	Trust: 2.0
db:	SIEMENS	id:	SSA-342587	Trust: 2.0
db:	SECUNIA	id:	56651	Trust: 1.1
db:	OSVDB	id:	102812	Trust: 1.1
db:	CNNVD	id:	CNNVD-201402-089	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00736	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001342	Trust: 0.8
db:	IVD	id:	3B596846-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-69638	Trust: 0.1

sources: IVD: 3b596846-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-035-01	Trust: 2.8
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-342587.pdf	Trust: 2.0
url:	http://www.securityfocus.com/bid/65347	Trust: 1.7
url:	http://osvdb.org/102812	Trust: 1.1
url:	http://secunia.com/advisories/56651	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90936	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1699	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1699	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3
url:	http://www.securelist.com/en/advisories/56651	Trust: 0.3

sources: CNVD: CNVD-2014-00736 // VULHUB: VHN-69638 // BID: 65347 // JVNDB: JVNDB-2014-001342 // CNNVD: CNNVD-201402-089 // NVD: CVE-2014-1699

CREDITS

Gleb Gritsai, Ilya Karpov, and Kirill Nesterov.

Trust: 0.3

sources: BID: 65347

SOURCES

db:	IVD	id:	3b596846-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-00736
db:	VULHUB	id:	VHN-69638
db:	BID	id:	65347
db:	JVNDB	id:	JVNDB-2014-001342
db:	CNNVD	id:	CNNVD-201402-089
db:	NVD	id:	CVE-2014-1699

LAST UPDATE DATE

2024-08-14T14:46:48.417000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00736	date:	2014-02-13T00:00:00
db:	VULHUB	id:	VHN-69638	date:	2017-08-29T00:00:00
db:	BID	id:	65347	date:	2014-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-001342	date:	2014-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-089	date:	2014-02-11T00:00:00
db:	NVD	id:	CVE-2014-1699	date:	2017-08-29T01:34:27.623

SOURCES RELEASE DATE

db:	IVD	id:	3b596846-2352-11e6-abef-000c29c66e3d	date:	2014-02-13T00:00:00
db:	CNVD	id:	CNVD-2014-00736	date:	2014-02-12T00:00:00
db:	VULHUB	id:	VHN-69638	date:	2014-02-07T00:00:00
db:	BID	id:	65347	date:	2014-02-04T00:00:00
db:	JVNDB	id:	JVNDB-2014-001342	date:	2014-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-089	date:	2014-02-11T00:00:00
db:	NVD	id:	CVE-2014-1699	date:	2014-02-07T04:52:04.457