ID

VAR-201404-0640


CVE

CVE-2014-2732


TITLE

Siemens SINEMA Server traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002196

DESCRIPTION

Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Siemens SINEMA server is prone to a directory-traversal vulnerability. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNVD: CNVD-2014-02365 // BID: 66965 // IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70671 // VULMON: CVE-2014-2732

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365

AFFECTED PRODUCTS

vendor:siemensmodel:sinema serverscope:lteversion:12.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:ltversion:12 sp1

Trust: 0.8

vendor:sinema servermodel: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12.0

Trust: 0.6

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2732
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2732
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02365
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-394
value: MEDIUM

Trust: 0.6

IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda
value: MEDIUM

Trust: 0.2

IVD: 7d762710-463f-11e9-946a-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 0f408816-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-70671
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-2732
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2732
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-02365
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d762710-463f-11e9-946a-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0f408816-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70671
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-70671 // JVNDB: JVNDB-2014-002196 // NVD: CVE-2014-2732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-394

TYPE

Path traversal

Trust: 1.2

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002196

PATCH

title:SSA-364879url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 0.8

title:Imens SINEMA Server has an unspecified path traversing the remote information disclosure vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/44895

Trust: 0.6

title:NetworkingToolsurl:https://github.com/virajmane/NetworkingTools

Trust: 0.1

title: - url:https://github.com/lisus18ikrak/testtttttttt

Trust: 0.1

sources: CNVD: CNVD-2014-02365 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196

EXTERNAL IDS

db:NVDid:CVE-2014-2732

Trust: 4.1

db:ICS CERTid:ICSA-14-107-01

Trust: 2.6

db:SIEMENSid:SSA-364879

Trust: 2.4

db:BIDid:66965

Trust: 1.5

db:CNNVDid:CNNVD-201404-394

Trust: 1.3

db:CNVDid:CNVD-2014-02365

Trust: 1.2

db:JVNDBid:JVNDB-2014-002196

Trust: 0.8

db:SECUNIAid:58068

Trust: 0.6

db:IVDid:AFEA3B0B-9F05-4E28-9E5D-D007C4488BDA

Trust: 0.2

db:IVDid:7D762710-463F-11E9-946A-000C29342CB1

Trust: 0.2

db:IVDid:0F408816-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-70671

Trust: 0.1

db:VULMONid:CVE-2014-2732

Trust: 0.1

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // BID: 66965 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-107-01

Trust: 2.7

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 2.4

url:http://www.securityfocus.com/bid/66965

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2732

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2732

Trust: 0.8

url:http://secunia.com/advisories/58068

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34140

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

CREDITS

Vendor reported this issue.

Trust: 0.3

sources: BID: 66965

SOURCES

db:IVDid:afea3b0b-9f05-4e28-9e5d-d007c4488bda
db:IVDid:7d762710-463f-11e9-946a-000c29342cb1
db:IVDid:0f408816-2352-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-02365
db:VULHUBid:VHN-70671
db:VULMONid:CVE-2014-2732
db:BIDid:66965
db:JVNDBid:JVNDB-2014-002196
db:CNNVDid:CNNVD-201404-394
db:NVDid:CVE-2014-2732

LAST UPDATE DATE

2024-08-14T14:46:46.722000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02365date:2014-04-18T00:00:00
db:VULHUBid:VHN-70671date:2015-10-08T00:00:00
db:VULMONid:CVE-2014-2732date:2015-10-08T00:00:00
db:BIDid:66965date:2014-04-22T01:00:00
db:JVNDBid:JVNDB-2014-002196date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-394date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2732date:2015-10-08T14:51:06.893

SOURCES RELEASE DATE

db:IVDid:afea3b0b-9f05-4e28-9e5d-d007c4488bdadate:2014-04-18T00:00:00
db:IVDid:7d762710-463f-11e9-946a-000c29342cb1date:2014-04-18T00:00:00
db:IVDid:0f408816-2352-11e6-abef-000c29c66e3ddate:2014-04-18T00:00:00
db:CNVDid:CNVD-2014-02365date:2014-04-17T00:00:00
db:VULHUBid:VHN-70671date:2014-04-19T00:00:00
db:VULMONid:CVE-2014-2732date:2014-04-19T00:00:00
db:BIDid:66965date:2014-04-17T00:00:00
db:JVNDBid:JVNDB-2014-002196date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-394date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2732date:2014-04-19T19:55:07.797