Details of VAR-201403-0341

ID

VAR-201403-0341

CVE

CVE-2014-2247

TITLE

Siemens SIMATIC S7-1500 CPU PLC Device integration Web Server header insertion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001707

DESCRIPTION

The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (Web Related to script on page HTML Improper detoxification of tags ) Has been identified. http://cwe.mitre.org/data/definitions/80.htmlThe header may be inserted by a third party. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC S7-1500 is prone to an HTTP response-splitting vulnerability. Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust. Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable. A remote attacker could exploit this vulnerability to inject header data

Trust: 2.7

sources: NVD: CVE-2014-2247 // JVNDB: JVNDB-2014-001707 // CNVD: CNVD-2014-01723 // BID: 66185 // IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70186

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01723

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.1	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.0	Trust: 1.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lte	version:	1.1.2	Trust: 1.0
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	lt	version:	1.5.0	Trust: 0.8
vendor:	siemens	model:	simatic s7-1500	scope:	eq	version:	1.x	Trust: 0.6
vendor:	siemens	model:	simatic s7-1500 cpu	scope:	eq	version:	1.1.2	Trust: 0.6
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.0.1	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.0	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	1.1.1	Trust: 0.2
vendor:	simatic s7 1500 cpu	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01723 // JVNDB: JVNDB-2014-001707 // CNNVD: CNNVD-201403-324 // NVD: CVE-2014-2247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2247
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2247
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-01723
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-324
value:	MEDIUM
Trust: 0.6
IVD:	25ca4cfc-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70186
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2247
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01723
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	25ca4cfc-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70186
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01723 // VULHUB: VHN-70186 // JVNDB: JVNDB-2014-001707 // CNNVD: CNNVD-201403-324 // NVD: CVE-2014-2247

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-001707 // NVD: CVE-2014-2247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-324

TYPE

other

Trust: 0.8

sources: IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001707

PATCH

title:	SSA-456423	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC S7-1500 HTML Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44305	Trust: 0.6
title:	Siemens SIMATIC S7-1500 CPU PLC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109066	Trust: 0.6

sources: CNVD: CNVD-2014-01723 // JVNDB: JVNDB-2014-001707 // CNNVD: CNNVD-201403-324

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2247	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-073-01	Trust: 2.5
db:	SIEMENS	id:	SSA-456423	Trust: 2.3
db:	BID	id:	66185	Trust: 1.0
db:	CNNVD	id:	CNNVD-201403-324	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01723	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001707	Trust: 0.8
db:	IVD	id:	25CA4CFC-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70186	Trust: 0.1

sources: IVD: 25ca4cfc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01723 // VULHUB: VHN-70186 // BID: 66185 // JVNDB: JVNDB-2014-001707 // CNNVD: CNNVD-201403-324 // NVD: CVE-2014-2247

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-073-01	Trust: 2.5
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-456423.pdf	Trust: 2.3
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-456423.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2247	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2247	Trust: 0.8

sources: CNVD: CNVD-2014-01723 // VULHUB: VHN-70186 // JVNDB: JVNDB-2014-001707 // CNNVD: CNNVD-201403-324 // NVD: CVE-2014-2247

CREDITS

Dmitry Serebryannikov, Ilya Karpov, Alexey Osipov, Yury Goltsev, Alex Timorin, Alexey Osipov, Ilya Karpov from Positive Technologies

Trust: 0.3

sources: BID: 66185

SOURCES

db:	IVD	id:	25ca4cfc-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01723
db:	VULHUB	id:	VHN-70186
db:	BID	id:	66185
db:	JVNDB	id:	JVNDB-2014-001707
db:	CNNVD	id:	CNNVD-201403-324
db:	NVD	id:	CVE-2014-2247

LAST UPDATE DATE

2024-11-23T21:45:20.013000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01723	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70186	date:	2020-02-10T00:00:00
db:	BID	id:	66185	date:	2014-03-19T02:03:00
db:	JVNDB	id:	JVNDB-2014-001707	date:	2014-03-31T00:00:00
db:	CNNVD	id:	CNNVD-201403-324	date:	2020-02-11T00:00:00
db:	NVD	id:	CVE-2014-2247	date:	2024-11-21T02:05:55.503

SOURCES RELEASE DATE

db:	IVD	id:	25ca4cfc-2352-11e6-abef-000c29c66e3d	date:	2014-03-17T00:00:00
db:	CNVD	id:	CNVD-2014-01723	date:	2014-03-17T00:00:00
db:	VULHUB	id:	VHN-70186	date:	2014-03-16T00:00:00
db:	BID	id:	66185	date:	2014-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-001707	date:	2014-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201403-324	date:	2014-03-19T00:00:00
db:	NVD	id:	CVE-2014-2247	date:	2014-03-16T14:06:45.803