ID

VAR-201407-0602


CVE

CVE-2014-4682


TITLE

Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2014-04662 // BID: 68876

DESCRIPTION

The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Siemens SIMATIC WinCC and PCS7 are prone to an information-disclosure vulnerability. Siemens SIMATIC WinCC is an automated data collection and monitoring (SCADA) system from the German company Siemens. The system provides process monitoring, data acquisition and other functions. A security vulnerability exists in the WebNavigator server of Siemens SIMATIC WinCC versions before 7.3, as used in PCS7 and other products.

Trust: 3.06

sources: NVD: CVE-2014-4682 // JVNDB: JVNDB-2014-003565 // CNVD: CNVD-2014-04662 // BID: 68876 // IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // VULHUB: VHN-72623

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 1.2

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662

AFFECTED PRODUCTS

vendor: wincc // model: - // scope: eq // version: 6.0

Trust: 2.4

vendor: wincc // model: - // scope: eq // version: 7.0

Trust: 2.4

vendor: siemens // model: wincc // scope: eq // version: 6.0

Trust: 1.6

vendor: siemens // model: wincc // scope: eq // version: 7.1

Trust: 1.6

vendor: siemens // model: wincc // scope: eq // version: 7.0

Trust: 1.6

vendor: siemens // model: simatic wincc // scope: lt // version: 7.3

Trust: 1.4

vendor: wincc // model: - // scope: eq // version: 5.0

Trust: 1.2

vendor: wincc // model: - // scope: eq // version: 7.1

Trust: 1.2

vendor: siemens // model: wincc // scope: eq // version: 5.0

Trust: 1.0

vendor: siemens // model: simatic pcs7 // scope: eq // version: 7.1

Trust: 1.0

vendor: siemens // model: simatic pcs7 // scope: lte // version: 8.0

Trust: 1.0

vendor: siemens // model: wincc // scope: lte // version: 7.2

Trust: 1.0

vendor: siemens // model: simatic pcs7 // scope: eq // version: 8.0

Trust: 1.0

vendor: siemens // model: simatic pcs 7 // scope: lt // version: 8.1

Trust: 0.8

vendor: simatic pcs7 // model: - // scope: eq // version: 7.1

Trust: 0.6

vendor: simatic pcs7 // model: - // scope: eq // version: 8.0

Trust: 0.6

vendor: simatic pcs7 // model: - // scope: eq // version: *

Trust: 0.6

vendor: wincc // model: - // scope: eq // version: *

Trust: 0.6

vendor: siemens // model: pcs7 // scope: lt // version: 8.1

Trust: 0.6

vendor: siemens // model: simatic wincc // scope: eq // version: 6.2

Trust: 0.3

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662 // BID: 68876 // JVNDB: JVNDB-2014-003565 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4682
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4682
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04662
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-602
value: MEDIUM

Trust: 0.6

IVD: e2da5658-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed
value: MEDIUM

Trust: 0.2

IVD: 7d801221-463f-11e9-a98b-000c29342cb1
value: MEDIUM

Trust: 0.2

VULHUB: VHN-72623
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4682
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04662
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2da5658-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d801221-463f-11e9-a98b-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-72623
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662 // VULHUB: VHN-72623 // JVNDB: JVNDB-2014-003565 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-72623 // JVNDB: JVNDB-2014-003565 // NVD: CVE-2014-4682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-602

TYPE

Information leakage

Trust: 0.6

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003565

PATCH

title: SSA-214365 // url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

Trust: 0.8

title: Patch for Siemens SIMATIC WinCC and PCS7 WebNavigator Server Information Disclosure Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/47904

Trust: 0.6

sources: CNVD: CNVD-2014-04662 // JVNDB: JVNDB-2014-003565

EXTERNAL IDS

db: NVD // id: CVE-2014-4682

Trust: 4.1

db: SIEMENS // id: SSA-214365

Trust: 2.6

db: CNNVD // id: CNNVD-201407-602

Trust: 1.3

db: CNVD // id: CNVD-2014-04662

Trust: 1.2

db: ICS CERT // id: ICSA-14-205-02

Trust: 1.1

db: BID // id: 68876

Trust: 1.0

db: JVNDB // id: JVNDB-2014-003565

Trust: 0.8

db: SECUNIA // id: 60392

Trust: 0.6

db: SECUNIA // id: 60388

Trust: 0.6

db: IVD // id: E2DA5658-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD // id: 00716B3E-FF45-48A1-BC94-7CBFC25E11ED

Trust: 0.2

db: IVD // id: 7D801221-463F-11E9-A98B-000C29342CB1

Trust: 0.2

db: PACKETSTORM // id: 127660

Trust: 0.2

db: VULHUB // id: VHN-72623

Trust: 0.1

sources: IVD: e2da5658-2351-11e6-abef-000c29c66e3d // IVD: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // IVD: 7d801221-463f-11e9-a98b-000c29342cb1 // CNVD: CNVD-2014-04662 // VULHUB: VHN-72623 // BID: 68876 // JVNDB: JVNDB-2014-003565 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

Trust: 2.6

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4682

Trust: 1.4

url:https://ics-cert.us-cert.gov/advisories/icsa-14-205-02

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4682

Trust: 0.8

url:http://www.securityfocus.com/bid/68876

Trust: 0.6

url:http://secunia.com/advisories/60388

Trust: 0.6

url:http://secunia.com/advisories/60392

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/simatic-wincc/pages/default.aspx

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4686

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4682

Trust: 0.1

sources: CNVD: CNVD-2014-04662 // VULHUB: VHN-72623 // BID: 68876 // JVNDB: JVNDB-2014-003565 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-602 // NVD: CVE-2014-4682

CREDITS

Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.

Trust: 0.3

sources: BID: 68876

SOURCES

db: IVD // id: e2da5658-2351-11e6-abef-000c29c66e3d
db: IVD // id: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed
db: IVD // id: 7d801221-463f-11e9-a98b-000c29342cb1
db: CNVD // id: CNVD-2014-04662
db: VULHUB // id: VHN-72623
db: BID // id: 68876
db: JVNDB // id: JVNDB-2014-003565
db: PACKETSTORM // id: 127660
db: CNNVD // id: CNNVD-201407-602
db: NVD // id: CVE-2014-4682

LAST UPDATE DATE

2024-08-14T13:34:53.319000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2014-04662 // date: 2014-07-28T00:00:00
db: VULHUB // id: VHN-72623 // date: 2014-07-25T00:00:00
db: BID // id: 68876 // date: 2015-03-19T08:39:00
db: JVNDB // id: JVNDB-2014-003565 // date: 2014-08-05T00:00:00
db: CNNVD // id: CNNVD-201407-602 // date: 2014-07-25T00:00:00
db: NVD // id: CVE-2014-4682 // date: 2014-07-25T14:27:43.193

SOURCES RELEASE DATE

db: IVD // id: e2da5658-2351-11e6-abef-000c29c66e3d // date: 2014-07-28T00:00:00
db: IVD // id: 00716b3e-ff45-48a1-bc94-7cbfc25e11ed // date: 2014-07-28T00:00:00
db: IVD // id: 7d801221-463f-11e9-a98b-000c29342cb1 // date: 2014-07-28T00:00:00
db: CNVD // id: CNVD-2014-04662 // date: 2014-07-28T00:00:00
db: VULHUB // id: VHN-72623 // date: 2014-07-24T00:00:00
db: BID // id: 68876 // date: 2014-07-24T00:00:00
db: JVNDB // id: JVNDB-2014-003565 // date: 2014-07-28T00:00:00
db: PACKETSTORM // id: 127660 // date: 2014-07-29T22:37:22
db: CNNVD // id: CNNVD-201407-602 // date: 2014-07-25T00:00:00
db: NVD // id: CVE-2014-4682 // date: 2014-07-24T14:55:08.020