Details of VAR-201404-0641

ID

VAR-201404-0641

CVE

CVE-2014-2733

TITLE

Siemens SINEMA Service disruption at the server (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002197

DESCRIPTION

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Siemens SINEMA Server is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNVD: CNVD-2014-02366 // BID: 66967 // IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema server	scope:	lte	version:	12.0	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	lt	version:	12 sp1	Trust: 0.8
vendor:	sinema server	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12	Trust: 0.6
vendor:	siemens	model:	sinema server	scope:	eq	version:	12.0	Trust: 0.6

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2733
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2733
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02366
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-395
value:	MEDIUM
Trust: 0.6
IVD:	7d764e1e-463f-11e9-a596-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	0f8bf198-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	1eaab8ce-3d56-4f31-a763-9916be696f10
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70672
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-2733
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2733
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-02366
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d764e1e-463f-11e9-a596-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	0f8bf198-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	1eaab8ce-3d56-4f31-a763-9916be696f10
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70672
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-70672 // JVNDB: JVNDB-2014-002197 // NVD: CVE-2014-2733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-395

TYPE

Input validation

Trust: 1.2

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNNVD: CNNVD-201404-395

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002197

PATCH

title:	SSA-364879	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 0.8
title:	Siemens SINEMA Server special HTTP request to handle remote denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/44896	Trust: 0.6
title:	NetworkingTools	url:	https://github.com/virajmane/NetworkingTools	Trust: 0.1
title:	-	url:	https://github.com/lisus18ikrak/testtttttttt	Trust: 0.1

sources: CNVD: CNVD-2014-02366 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2733	Trust: 4.1
db:	ICS CERT	id:	ICSA-14-107-01	Trust: 2.6
db:	SIEMENS	id:	SSA-364879	Trust: 2.4
db:	CNNVD	id:	CNNVD-201404-395	Trust: 1.3
db:	CNVD	id:	CNVD-2014-02366	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-002197	Trust: 0.8
db:	SECUNIA	id:	58068	Trust: 0.6
db:	BID	id:	66967	Trust: 0.4
db:	IVD	id:	7D764E1E-463F-11E9-A596-000C29342CB1	Trust: 0.2
db:	IVD	id:	0F8BF198-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	1EAAB8CE-3D56-4F31-A763-9916BE696F10	Trust: 0.2
db:	VULHUB	id:	VHN-70672	Trust: 0.1
db:	VULMON	id:	CVE-2014-2733	Trust: 0.1

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // BID: 66967 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-107-01	Trust: 2.7
url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf	Trust: 2.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2733	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2733	Trust: 0.8
url:	http://secunia.com/advisories/58068	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34141	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66967

SOURCES

db:	IVD	id:	7d764e1e-463f-11e9-a596-000c29342cb1
db:	IVD	id:	0f8bf198-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	1eaab8ce-3d56-4f31-a763-9916be696f10
db:	CNVD	id:	CNVD-2014-02366
db:	VULHUB	id:	VHN-70672
db:	VULMON	id:	CVE-2014-2733
db:	BID	id:	66967
db:	JVNDB	id:	JVNDB-2014-002197
db:	CNNVD	id:	CNNVD-201404-395
db:	NVD	id:	CVE-2014-2733

LAST UPDATE DATE

2024-08-14T14:46:46.613000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02366	date:	2014-04-18T00:00:00
db:	VULHUB	id:	VHN-70672	date:	2014-04-21T00:00:00
db:	VULMON	id:	CVE-2014-2733	date:	2014-04-21T00:00:00
db:	BID	id:	66967	date:	2014-04-22T00:50:00
db:	JVNDB	id:	JVNDB-2014-002197	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-395	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2733	date:	2014-04-21T19:31:57.517

SOURCES RELEASE DATE

db:	IVD	id:	7d764e1e-463f-11e9-a596-000c29342cb1	date:	2014-04-18T00:00:00
db:	IVD	id:	0f8bf198-2352-11e6-abef-000c29c66e3d	date:	2014-04-18T00:00:00
db:	IVD	id:	1eaab8ce-3d56-4f31-a763-9916be696f10	date:	2014-04-18T00:00:00
db:	CNVD	id:	CNVD-2014-02366	date:	2014-04-17T00:00:00
db:	VULHUB	id:	VHN-70672	date:	2014-04-19T00:00:00
db:	VULMON	id:	CVE-2014-2733	date:	2014-04-19T00:00:00
db:	BID	id:	66967	date:	2014-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2014-002197	date:	2014-04-23T00:00:00
db:	CNNVD	id:	CNNVD-201404-395	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-2733	date:	2014-04-19T19:55:07.810