ID

VAR-201404-0639


CVE

CVE-2014-2731


TITLE

Siemens SINEMA Server integration Web Vulnerability in arbitrary code execution on server

Trust: 0.8

sources: JVNDB: JVNDB-2014-002195

DESCRIPTION

Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNVD: CNVD-2014-02364 // BID: 66968 // IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364

AFFECTED PRODUCTS

vendor:siemensmodel:sinema serverscope:lteversion:12.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:ltversion:12 sp1

Trust: 0.8

vendor:sinema servermodel: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12.0

Trust: 0.6

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2731
value: HIGH

Trust: 1.0

NVD: CVE-2014-2731
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-02364
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-393
value: CRITICAL

Trust: 0.6

IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1
value: CRITICAL

Trust: 0.2

IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070
value: CRITICAL

Trust: 0.2

VULHUB: VHN-70670
value: HIGH

Trust: 0.1

VULMON: CVE-2014-2731
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-2731
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-02364
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70670
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-2731

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-393

TYPE

Code injection

Trust: 1.2

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNNVD: CNNVD-201404-393

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002195

PATCH

title:SSA-364879url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 0.8

title:Siemens SINEMA Server has a patch for an unknown remote code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/44893

Trust: 0.6

title:NetworkingToolsurl:https://github.com/virajmane/NetworkingTools

Trust: 0.1

title: - url:https://github.com/lisus18ikrak/testtttttttt

Trust: 0.1

sources: CNVD: CNVD-2014-02364 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195

EXTERNAL IDS

db:NVDid:CVE-2014-2731

Trust: 4.1

db:ICS CERTid:ICSA-14-107-01

Trust: 2.6

db:SIEMENSid:SSA-364879

Trust: 2.4

db:CNNVDid:CNNVD-201404-393

Trust: 1.3

db:CNVDid:CNVD-2014-02364

Trust: 1.2

db:JVNDBid:JVNDB-2014-002195

Trust: 0.8

db:SECUNIAid:58068

Trust: 0.6

db:BIDid:66968

Trust: 0.4

db:IVDid:7D76C34F-463F-11E9-B0F3-000C29342CB1

Trust: 0.2

db:IVDid:0F4AC132-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:296EC2E8-D1B0-4A83-9BEF-AF44A0568070

Trust: 0.2

db:SEEBUGid:SSVID-62224

Trust: 0.1

db:VULHUBid:VHN-70670

Trust: 0.1

db:VULMONid:CVE-2014-2731

Trust: 0.1

sources: IVD: 7d76c34f-463f-11e9-b0f3-000c29342cb1 // IVD: 0f4ac132-2352-11e6-abef-000c29c66e3d // IVD: 296ec2e8-d1b0-4a83-9bef-af44a0568070 // CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // BID: 66968 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-107-01

Trust: 2.7

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 2.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2731

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2731

Trust: 0.8

url:http://secunia.com/advisories/58068

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34139

Trust: 0.1

sources: CNVD: CNVD-2014-02364 // VULHUB: VHN-70670 // VULMON: CVE-2014-2731 // JVNDB: JVNDB-2014-002195 // CNNVD: CNNVD-201404-393 // NVD: CVE-2014-2731

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66968

SOURCES

db:IVDid:7d76c34f-463f-11e9-b0f3-000c29342cb1
db:IVDid:0f4ac132-2352-11e6-abef-000c29c66e3d
db:IVDid:296ec2e8-d1b0-4a83-9bef-af44a0568070
db:CNVDid:CNVD-2014-02364
db:VULHUBid:VHN-70670
db:VULMONid:CVE-2014-2731
db:BIDid:66968
db:JVNDBid:JVNDB-2014-002195
db:CNNVDid:CNNVD-201404-393
db:NVDid:CVE-2014-2731

LAST UPDATE DATE

2024-08-14T14:46:46.670000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02364date:2014-04-18T00:00:00
db:VULHUBid:VHN-70670date:2014-04-21T00:00:00
db:VULMONid:CVE-2014-2731date:2014-04-21T00:00:00
db:BIDid:66968date:2014-04-22T00:50:00
db:JVNDBid:JVNDB-2014-002195date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-393date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2731date:2014-04-21T19:28:08.697

SOURCES RELEASE DATE

db:IVDid:7d76c34f-463f-11e9-b0f3-000c29342cb1date:2014-04-18T00:00:00
db:IVDid:0f4ac132-2352-11e6-abef-000c29c66e3ddate:2014-04-18T00:00:00
db:IVDid:296ec2e8-d1b0-4a83-9bef-af44a0568070date:2014-04-18T00:00:00
db:CNVDid:CNVD-2014-02364date:2014-04-17T00:00:00
db:VULHUBid:VHN-70670date:2014-04-19T00:00:00
db:VULMONid:CVE-2014-2731date:2014-04-19T00:00:00
db:BIDid:66968date:2014-04-17T00:00:00
db:JVNDBid:JVNDB-2014-002195date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-393date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2731date:2014-04-19T19:55:07.763