Sign-up

ID

VAR-201407-0602


CVE

CVE-2014-4682


TITLE

Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-04662 // BID: 68876

DESCRIPTION

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is the German Siemens ( Siemens ) The company's set of automated data collection and monitoring ( SCADA )system. The system provides process monitoring, data acquisition and other functions. PCS7 used with other products Siemens SIMATIC WinCC 7.3 previous version of WebNavigator There is a security hole in the server

Trust: 3.06

sources: NVD: CVE-2014-4682 // JVNDB: JVNDB-2014-003565 // CNVD: CNVD-2014-04662 // BID: 68876 // IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // VULHUB: VHN-72623

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662

AFFECTED PRODUCTS

vendor:winccmodel: - scope:eqversion:6.0

Trust: 2.4

vendor:winccmodel: - scope:eqversion:7.0

Trust: 2.4

vendor:siemensmodel:winccscope:eqversion:6.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:7.1

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:7.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:ltversion:7.3

Trust: 1.4

vendor:winccmodel: - scope:eqversion:5.0

Trust: 1.2

vendor:winccmodel: - scope:eqversion:7.1

Trust: 1.2

vendor:siemensmodel:winccscope:eqversion:5.0

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:winccscope:lteversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:eqversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:ltversion:8.1

Trust: 0.8

vendor:simatic pcs7model: - scope:eqversion:7.1

Trust: 0.6

vendor:simatic pcs7model: - scope:eqversion:8.0

Trust: 0.6

vendor:simatic pcs7model: - scope:eqversion:*

Trust: 0.6

vendor:winccmodel: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:pcs7scope:ltversion:8.1

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662 // BID: 68876 // JVNDB: JVNDB-2014-003565 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4682
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4682
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-602
value: MEDIUM

Trust: 0.6

IVD: e2da5658-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed
value: MEDIUM

Trust: 0.2

IVD: 7d801221-463f-11e9-a98b-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-72623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4682
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04662
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2da5658-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d801221-463f-11e9-a98b-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-72623
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662 // VULHUB: VHN-72623 // JVNDB: JVNDB-2014-003565 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-72623 // JVNDB: JVNDB-2014-003565 // NVD: CVE-2014-4682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-602

TYPE

Information leakage

Trust: 0.6

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003565

PATCH
title:SSA-214365url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
Trust: 0.8
title:Patch for Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/47904
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-04662 // 
            
            
            
            JVNDB: JVNDB-2014-003565

EXTERNAL IDS
db:NVDid:CVE-2014-4682
Trust: 4.1
db:SIEMENSid:SSA-214365
Trust: 2.6
db:CNNVDid:CNNVD-201407-602
Trust: 1.3
db:CNVDid:CNVD-2014-04662
Trust: 1.2
db:ICS CERTid:ICSA-14-205-02
Trust: 1.1
db:BIDid:68876
Trust: 1.0
db:JVNDBid:JVNDB-2014-003565
Trust: 0.8
db:SECUNIAid:60392
Trust: 0.6
db:SECUNIAid:60388
Trust: 0.6
db:IVDid:E2DA5658-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:00716B3E-FF45-48A1-BC94-7CBFC25E11ED
Trust: 0.2
db:IVDid:7D801221-463F-11E9-A98B-000C29342CB1
Trust: 0.2
db:PACKETSTORMid:127660
Trust: 0.2
db:VULHUBid:VHN-72623
Trust: 0.1
sources:
            
            
            IVD: e2da5658-2351-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // 
            
            
            
            IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2014-04662 // 
            
            
            
            VULHUB: VHN-72623 // 
            
            
            
            BID: 68876 // 
            
            
            
            JVNDB: JVNDB-2014-003565 // 
            
            
            
            PACKETSTORM: 127660 // 
            
            
            
            CNNVD: CNNVD-201407-602 // 
            
            
            
            NVD: CVE-2014-4682

REFERENCES
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf
Trust: 2.6
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4682
Trust: 1.4
url:https://ics-cert.us-cert.gov/advisories/icsa-14-205-02
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4682
Trust: 0.8
url:http://www.securityfocus.com/bid/68876
Trust: 0.6
url:http://secunia.com/advisories/60388
Trust: 0.6
url:http://secunia.com/advisories/60392
Trust: 0.6
url:http://www.siemens.com/
Trust: 0.3
url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-4684
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-4683
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-4685
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-4686
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-4682
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-04662 // 
            
            
            
            VULHUB: VHN-72623 // 
            
            
            
            BID: 68876 // 
            
            
            
            JVNDB: JVNDB-2014-003565 // 
            
            
            
            PACKETSTORM: 127660 // 
            
            
            
            CNNVD: CNNVD-201407-602 // 
            
            
            
            NVD: CVE-2014-4682

CREDITS
Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.
Trust: 0.3
sources:
            
            
            BID: 68876

SOURCES
db:IVDid:e2da5658-2351-11e6-abef-000c29c66e3d
db:IVDid:00716b3e-ff45-48a1-bc94-7cbfc25e11ed
db:IVDid:7d801221-463f-11e9-a98b-000c29342cb1
db:CNVDid:CNVD-2014-04662
db:VULHUBid:VHN-72623
db:BIDid:68876
db:JVNDBid:JVNDB-2014-003565
db:PACKETSTORMid:127660
db:CNNVDid:CNNVD-201407-602
db:NVDid:CVE-2014-4682

LAST UPDATE DATE
2024-08-14T13:34:53.319000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-04662date:2014-07-28T00:00:00
db:VULHUBid:VHN-72623date:2014-07-25T00:00:00
db:BIDid:68876date:2015-03-19T08:39:00
db:JVNDBid:JVNDB-2014-003565date:2014-08-05T00:00:00
db:CNNVDid:CNNVD-201407-602date:2014-07-25T00:00:00
db:NVDid:CVE-2014-4682date:2014-07-25T14:27:43.193

SOURCES RELEASE DATE
db:IVDid:e2da5658-2351-11e6-abef-000c29c66e3ddate:2014-07-28T00:00:00
db:IVDid:00716b3e-ff45-48a1-bc94-7cbfc25e11eddate:2014-07-28T00:00:00
db:IVDid:7d801221-463f-11e9-a98b-000c29342cb1date:2014-07-28T00:00:00
db:CNVDid:CNVD-2014-04662date:2014-07-28T00:00:00
db:VULHUBid:VHN-72623date:2014-07-24T00:00:00
db:BIDid:68876date:2014-07-24T00:00:00
db:JVNDBid:JVNDB-2014-003565date:2014-07-28T00:00:00
db:PACKETSTORMid:127660date:2014-07-29T22:37:22
db:CNNVDid:CNNVD-201407-602date:2014-07-25T00:00:00
db:NVDid:CVE-2014-4682date:2014-07-24T14:55:08.020