Details of VAR-201404-0639

ID

VAR-201404-0639

CVE

CVE-2014-2731

TITLE

Siemens SINEMA Server integration Web Vulnerability in arbitrary code execution on server

Trust: 0.8

sources: JVNDB: JVNDB-2014-002195

DESCRIPTION

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNVD: CNVD-2014-02364 // BID: 66968 // IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema server	scope:	lte	version:	12.0	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	lt	version:	12 sp1	Trust: 0.8
vendor:	sinema server	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12.0	Trust: 0.6

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2731
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2731
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-02364
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201404-393
value:	CRITICAL
Trust: 0.6
IVD:	7d76c34f-463f-11e9-b0f3-000c29342cb1
value:	CRITICAL
Trust: 0.2
IVD:	0f4ac132-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
IVD:	296ec2e8-d1b0-4a83-9bef-af44a0568070
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-70670
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-2731
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2731
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-02364
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d76c34f-463f-11e9-b0f3-000c29342cb1
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0f4ac132-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	296ec2e8-d1b0-4a83-9bef-af44a0568070
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70670
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-2731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-393

TYPE

Code injection

Trust: 1.2

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNNVD: CNNVD-201404-393

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002195

PATCH

title:	SSA-364879	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 0.8
title:	Siemens SINEMA Server has a patch for an unknown remote code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44893	Trust: 0.6
title:	NetworkingTools	url:	https://github.com/virajmane/NetworkingTools	Trust: 0.1
title:	-	url:	https://github.com/lisus18ikrak/testtttttttt	Trust: 0.1

sources: CNVD: CNVD-2014-02364 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2731	Trust: 4.1
db:	ICS CERT	id:	ICSA-14-107-01	Trust: 2.6
db:	SIEMENS	id:	SSA-364879	Trust: 2.4
db:	CNNVD	id:	CNNVD-201404-393	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02364	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002195	Trust: 0.8
db:	SECUNIA	id:	58068	Trust: 0.6
db:	BID	id:	66968	Trust: 0.4
db:	IVD	id:	7D76C34F-463F-11E9-B0F3-000C29342CB1	Trust: 0.2
db:	IVD	id:	0F4AC132-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	296EC2E8-D1B0-4A83-9BEF-AF44A0568070	Trust: 0.2
db:	SEEBUG	id:	SSVID-62224	Trust: 0.1
db:	VULHUB	id:	VHN-70670	Trust: 0.1
db:	VULMON	id:	CVE-2014-2731	Trust: 0.1

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // BID: 66968 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-107-01	Trust: 2.7
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2731	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2731	Trust: 0.8
url:	http://secunia.com/advisories/58068	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34139	Trust: 0.1

sources: CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66968

SOURCES

db:	IVD	id:	7d76c34f-463f-11e9-b0f3-000c29342cb1
db:	IVD	id:	0f4ac132-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	296ec2e8-d1b0-4a83-9bef-af44a0568070
db:	CNVD	id:	CNVD-2014-02364
db:	VULHUB	id:	VHN-70670
db:	VULMON	id:	CVE-2014-2731
db:	BID	id:	66968
db:	JVNDB	id:	JVNDB-2014-002195
db:	CNNVD	id:	CNNVD-201404-393
db:	NVD	id:	CVE-2014-2731

LAST UPDATE DATE

2024-08-14T14:46:46.670000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02364	date:	2014-04-18T00:00:00
db:	VULHUB	id:	VHN-70670	date:	2014-04-21T00:00:00
db:	VULMON	id:	CVE-2014-2731	date:	2014-04-21T00:00:00
db:	BID	id:	66968	date:	2014-04-22T00:50:00
db:	JVNDB	id:	JVNDB-2014-002195	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-393	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2731	date:	2014-04-21T19:28:08.697

SOURCES RELEASE DATE

db:	IVD	id:	7d76c34f-463f-11e9-b0f3-000c29342cb1	date:	2014-04-18T00:00:00
db:	IVD	id:	0f4ac132-2352-11e6-abef-000c29c66e3d	date:	2014-04-18T00:00:00
db:	IVD	id:	296ec2e8-d1b0-4a83-9bef-af44a0568070	date:	2014-04-18T00:00:00
db:	CNVD	id:	CNVD-2014-02364	date:	2014-04-17T00:00:00
db:	VULHUB	id:	VHN-70670	date:	2014-04-19T00:00:00
db:	VULMON	id:	CVE-2014-2731	date:	2014-04-19T00:00:00
db:	BID	id:	66968	date:	2014-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-002195	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-393	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2731	date:	2014-04-19T19:55:07.763