ID

VAR-201404-0641


CVE

CVE-2014-2733


TITLE

Siemens SINEMA Service disruption at the server (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2014-002197

DESCRIPTION

Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. SINEMA Server is a Siemens industrial network management software that can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Siemens SINEMA Server is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Versions prior to SINEMA server V12 SP1 are vulnerable

Trust: 3.15

sources: NVD: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNVD: CNVD-2014-02366 // BID: 66967 // IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366

AFFECTED PRODUCTS

vendor:siemensmodel:sinema serverscope:lteversion:12.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:ltversion:12 sp1

Trust: 0.8

vendor:sinema servermodel: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12

Trust: 0.6

vendor:siemensmodel:sinema serverscope:eqversion:12.0

Trust: 0.6

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2733
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2733
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-02366
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201404-395
value: MEDIUM

Trust: 0.6

IVD: 7d764e1e-463f-11e9-a596-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10
value: MEDIUM

Trust: 0.2

VULHUB: VHN-70672
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-2733
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-02366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d764e1e-463f-11e9-a596-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-70672
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-70672 // JVNDB: JVNDB-2014-002197 // NVD: CVE-2014-2733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-395

TYPE

Input validation

Trust: 1.2

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNNVD: CNNVD-201404-395

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002197

PATCH

title:SSA-364879url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 0.8

title:Siemens SINEMA Server special HTTP request to handle remote denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/44896

Trust: 0.6

title:NetworkingToolsurl:https://github.com/virajmane/NetworkingTools

Trust: 0.1

title: - url:https://github.com/lisus18ikrak/testtttttttt

Trust: 0.1

sources: CNVD: CNVD-2014-02366 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197

EXTERNAL IDS

db:NVDid:CVE-2014-2733

Trust: 4.1

db:ICS CERTid:ICSA-14-107-01

Trust: 2.6

db:SIEMENSid:SSA-364879

Trust: 2.4

db:CNNVDid:CNNVD-201404-395

Trust: 1.3

db:CNVDid:CNVD-2014-02366

Trust: 1.2

db:JVNDBid:JVNDB-2014-002197

Trust: 0.8

db:SECUNIAid:58068

Trust: 0.6

db:BIDid:66967

Trust: 0.4

db:IVDid:7D764E1E-463F-11E9-A596-000C29342CB1

Trust: 0.2

db:IVDid:0F8BF198-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:1EAAB8CE-3D56-4F31-A763-9916BE696F10

Trust: 0.2

db:VULHUBid:VHN-70672

Trust: 0.1

db:VULMONid:CVE-2014-2733

Trust: 0.1

sources: IVD: 7d764e1e-463f-11e9-a596-000c29342cb1 // IVD: 0f8bf198-2352-11e6-abef-000c29c66e3d // IVD: 1eaab8ce-3d56-4f31-a763-9916be696f10 // CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // BID: 66967 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-107-01

Trust: 2.7

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-364879.pdf

Trust: 2.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2733

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2733

Trust: 0.8

url:http://secunia.com/advisories/58068

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=34141

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2014-02366 // VULHUB: VHN-70672 // VULMON: CVE-2014-2733 // JVNDB: JVNDB-2014-002197 // CNNVD: CNNVD-201404-395 // NVD: CVE-2014-2733

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 66967

SOURCES

db:IVDid:7d764e1e-463f-11e9-a596-000c29342cb1
db:IVDid:0f8bf198-2352-11e6-abef-000c29c66e3d
db:IVDid:1eaab8ce-3d56-4f31-a763-9916be696f10
db:CNVDid:CNVD-2014-02366
db:VULHUBid:VHN-70672
db:VULMONid:CVE-2014-2733
db:BIDid:66967
db:JVNDBid:JVNDB-2014-002197
db:CNNVDid:CNNVD-201404-395
db:NVDid:CVE-2014-2733

LAST UPDATE DATE

2024-08-14T14:46:46.613000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02366date:2014-04-18T00:00:00
db:VULHUBid:VHN-70672date:2014-04-21T00:00:00
db:VULMONid:CVE-2014-2733date:2014-04-21T00:00:00
db:BIDid:66967date:2014-04-22T00:50:00
db:JVNDBid:JVNDB-2014-002197date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-395date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2733date:2014-04-21T19:31:57.517

SOURCES RELEASE DATE

db:IVDid:7d764e1e-463f-11e9-a596-000c29342cb1date:2014-04-18T00:00:00
db:IVDid:0f8bf198-2352-11e6-abef-000c29c66e3ddate:2014-04-18T00:00:00
db:IVDid:1eaab8ce-3d56-4f31-a763-9916be696f10date:2014-04-18T00:00:00
db:CNVDid:CNVD-2014-02366date:2014-04-17T00:00:00
db:VULHUBid:VHN-70672date:2014-04-19T00:00:00
db:VULMONid:CVE-2014-2733date:2014-04-19T00:00:00
db:BIDid:66967date:2014-04-17T00:00:00
db:JVNDBid:JVNDB-2014-002197date:2014-04-23T00:00:00
db:CNNVDid:CNNVD-201404-395date:2014-04-23T00:00:00
db:NVDid:CVE-2014-2733date:2014-04-19T19:55:07.810