Details of VAR-201404-0640

ID

VAR-201404-0640

CVE

CVE-2014-2732

TITLE

Siemens SINEMA Server traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002196

DESCRIPTION

Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Siemens SINEMA server is prone to a directory-traversal vulnerability. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNVD: CNVD-2014-02365 // BID: 66965 // IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-70671 // VULMON: CVE-2014-2732

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema server	scope:	lte	version:	12.0	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	lt	version:	12 sp1	Trust: 0.8
vendor:	sinema server	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12.0	Trust: 0.6

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2732
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2732
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02365
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-394
value:	MEDIUM
Trust: 0.6
IVD:	afea3b0b-9f05-4e28-9e5d-d007c4488bda
value:	MEDIUM
Trust: 0.2
IVD:	7d762710-463f-11e9-946a-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	0f408816-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70671
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-2732
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2732
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-02365
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	afea3b0b-9f05-4e28-9e5d-d007c4488bda
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d762710-463f-11e9-946a-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0f408816-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70671
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-70671 // JVNDB: JVNDB-2014-002196 // NVD: CVE-2014-2732

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-394

TYPE

Path traversal

Trust: 1.2

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002196

PATCH

title:	SSA-364879	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 0.8
title:	Imens SINEMA Server has an unspecified path traversing the remote information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44895	Trust: 0.6
title:	NetworkingTools	url:	https://github.com/virajmane/NetworkingTools	Trust: 0.1
title:	-	url:	https://github.com/lisus18ikrak/testtttttttt	Trust: 0.1

sources: CNVD: CNVD-2014-02365 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2732	Trust: 4.1
db:	ICS CERT	id:	ICSA-14-107-01	Trust: 2.6
db:	SIEMENS	id:	SSA-364879	Trust: 2.4
db:	BID	id:	66965	Trust: 1.5
db:	CNNVD	id:	CNNVD-201404-394	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02365	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002196	Trust: 0.8
db:	SECUNIA	id:	58068	Trust: 0.6
db:	IVD	id:	AFEA3B0B-9F05-4E28-9E5D-D007C4488BDA	Trust: 0.2
db:	IVD	id:	7D762710-463F-11E9-946A-000C29342CB1	Trust: 0.2
db:	IVD	id:	0F408816-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70671	Trust: 0.1
db:	VULMON	id:	CVE-2014-2732	Trust: 0.1

sources: IVD: afea3b0b-9f05-4e28-9e5d-d007c4488bda // IVD: 7d762710-463f-11e9-946a-000c29342cb1 // IVD: 0f408816-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // BID: 66965 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-107-01	Trust: 2.7
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 2.4
url:	http://www.securityfocus.com/bid/66965	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2732	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2732	Trust: 0.8
url:	http://secunia.com/advisories/58068	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34140	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2014-02365 // VULHUB: VHN-70671 // VULMON: CVE-2014-2732 // JVNDB: JVNDB-2014-002196 // CNNVD: CNNVD-201404-394 // NVD: CVE-2014-2732

CREDITS

Vendor reported this issue.

Trust: 0.3

sources: BID: 66965

SOURCES

db:	IVD	id:	afea3b0b-9f05-4e28-9e5d-d007c4488bda
db:	IVD	id:	7d762710-463f-11e9-946a-000c29342cb1
db:	IVD	id:	0f408816-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-02365
db:	VULHUB	id:	VHN-70671
db:	VULMON	id:	CVE-2014-2732
db:	BID	id:	66965
db:	JVNDB	id:	JVNDB-2014-002196
db:	CNNVD	id:	CNNVD-201404-394
db:	NVD	id:	CVE-2014-2732

LAST UPDATE DATE

2024-08-14T14:46:46.722000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02365	date:	2014-04-18T00:00:00
db:	VULHUB	id:	VHN-70671	date:	2015-10-08T00:00:00
db:	VULMON	id:	CVE-2014-2732	date:	2015-10-08T00:00:00
db:	BID	id:	66965	date:	2014-04-22T01:00:00
db:	JVNDB	id:	JVNDB-2014-002196	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-394	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2732	date:	2015-10-08T14:51:06.893

SOURCES RELEASE DATE

db:	IVD	id:	afea3b0b-9f05-4e28-9e5d-d007c4488bda	date:	2014-04-18T00:00:00
db:	IVD	id:	7d762710-463f-11e9-946a-000c29342cb1	date:	2014-04-18T00:00:00
db:	IVD	id:	0f408816-2352-11e6-abef-000c29c66e3d	date:	2014-04-18T00:00:00
db:	CNVD	id:	CNVD-2014-02365	date:	2014-04-17T00:00:00
db:	VULHUB	id:	VHN-70671	date:	2014-04-19T00:00:00
db:	VULMON	id:	CVE-2014-2732	date:	2014-04-19T00:00:00
db:	BID	id:	66965	date:	2014-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-002196	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-394	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2732	date:	2014-04-19T19:55:07.797