Details of VAR-201407-0606

ID

VAR-201407-0606

CVE

CVE-2014-4686

TITLE

Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerabilities in which important information is obtained in project management applications

Trust: 0.8

sources: JVNDB: JVNDB-2014-003569

DESCRIPTION

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions

Trust: 3.06

sources: NVD: CVE-2014-4686 // JVNDB: JVNDB-2014-003569 // CNVD: CNVD-2014-04643 // BID: 68875 // IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-72627

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643

AFFECTED PRODUCTS

vendor:	wincc	model:	-	scope:	eq	version:	6.0	Trust: 2.4
vendor:	wincc	model:	-	scope:	eq	version:	7.0	Trust: 2.4
vendor:	siemens	model:	wincc	scope:	eq	version:	6.0	Trust: 1.6
vendor:	siemens	model:	wincc	scope:	eq	version:	5.0	Trust: 1.6
vendor:	siemens	model:	wincc	scope:	eq	version:	7.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	7.3	Trust: 1.4
vendor:	wincc	model:	-	scope:	eq	version:	5.0	Trust: 1.2
vendor:	wincc	model:	-	scope:	eq	version:	7.1	Trust: 1.2
vendor:	siemens	model:	wincc	scope:	eq	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic pcs7	scope:	eq	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic pcs7	scope:	lte	version:	8.0	Trust: 1.0
vendor:	siemens	model:	wincc	scope:	lte	version:	7.2	Trust: 1.0
vendor:	siemens	model:	simatic pcs7	scope:	eq	version:	8.0	Trust: 1.0
vendor:	siemens	model:	simatic pcs 7	scope:	lt	version:	8.1	Trust: 0.8
vendor:	simatic pcs7	model:	-	scope:	eq	version:	7.1	Trust: 0.6
vendor:	simatic pcs7	model:	-	scope:	eq	version:	8.0	Trust: 0.6
vendor:	simatic pcs7	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	wincc	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	siemens	model:	pcs7	scope:	lt	version:	8.1	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	6.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	0	Trust: 0.3

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // BID: 68875 // JVNDB: JVNDB-2014-003569 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4686
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4686
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04643
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-606
value:	MEDIUM
Trust: 0.6
IVD:	ea209009-7fdb-4811-b130-403cdc16f255
value:	MEDIUM
Trust: 0.2
IVD:	7d720861-463f-11e9-a37c-000c29342cb1
value:	MEDIUM
Trust: 0.2
IVD:	e2ce69a6-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-72627
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-4686
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04643
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ea209009-7fdb-4811-b130-403cdc16f255
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d720861-463f-11e9-a37c-000c29342cb1
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	e2ce69a6-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-72627
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // JVNDB: JVNDB-2014-003569 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003569 // NVD: CVE-2014-4686

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 130406 // CNNVD: CNNVD-201407-606

TYPE

Encryption issues

Trust: 0.6

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003569

PATCH

title:	SSA-214365	url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC WinCC and PCS7 Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/47905	Trust: 0.6

sources: CNVD: CNVD-2014-04643 // JVNDB: JVNDB-2014-003569

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4686	Trust: 4.2
db:	SIEMENS	id:	SSA-214365	Trust: 2.3
db:	CNNVD	id:	CNNVD-201407-606	Trust: 1.3
db:	CNVD	id:	CNVD-2014-04643	Trust: 1.2
db:	BID	id:	68875	Trust: 1.0
db:	ICS CERT	id:	ICSA-14-205-02	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003569	Trust: 0.8
db:	SECUNIA	id:	60392	Trust: 0.6
db:	SECUNIA	id:	60388	Trust: 0.6
db:	IVD	id:	EA209009-7FDB-4811-B130-403CDC16F255	Trust: 0.2
db:	IVD	id:	7D720861-463F-11E9-A37C-000C29342CB1	Trust: 0.2
db:	IVD	id:	E2CE69A6-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	130406	Trust: 0.2
db:	VULHUB	id:	VHN-72627	Trust: 0.1
db:	PACKETSTORM	id:	127660	Trust: 0.1

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // BID: 68875 // JVNDB: JVNDB-2014-003569 // PACKETSTORM: 130406 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

REFERENCES

url:	http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf	Trust: 2.3
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4686	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4686	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-14-205-02	Trust: 0.8
url:	http://www.securityfocus.com/bid/68875	Trust: 0.6
url:	http://secunia.com/advisories/60388	Trust: 0.6
url:	http://secunia.com/advisories/60392	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4686	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1358	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4684	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4683	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4685	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-4682	Trust: 0.1

sources: CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // BID: 68875 // JVNDB: JVNDB-2014-003569 // PACKETSTORM: 130406 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

CREDITS

Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.

Trust: 0.3

sources: BID: 68875

SOURCES

db:	IVD	id:	ea209009-7fdb-4811-b130-403cdc16f255
db:	IVD	id:	7d720861-463f-11e9-a37c-000c29342cb1
db:	IVD	id:	e2ce69a6-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-04643
db:	VULHUB	id:	VHN-72627
db:	BID	id:	68875
db:	JVNDB	id:	JVNDB-2014-003569
db:	PACKETSTORM	id:	130406
db:	PACKETSTORM	id:	127660
db:	CNNVD	id:	CNNVD-201407-606
db:	NVD	id:	CVE-2014-4686

LAST UPDATE DATE

2024-08-14T13:34:53.201000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04643	date:	2014-07-28T00:00:00
db:	VULHUB	id:	VHN-72627	date:	2014-07-25T00:00:00
db:	BID	id:	68875	date:	2015-03-19T09:08:00
db:	JVNDB	id:	JVNDB-2014-003569	date:	2014-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201407-606	date:	2014-07-25T00:00:00
db:	NVD	id:	CVE-2014-4686	date:	2014-07-25T14:59:40.003

SOURCES RELEASE DATE

db:	IVD	id:	ea209009-7fdb-4811-b130-403cdc16f255	date:	2014-07-28T00:00:00
db:	IVD	id:	7d720861-463f-11e9-a37c-000c29342cb1	date:	2014-07-28T00:00:00
db:	IVD	id:	e2ce69a6-2351-11e6-abef-000c29c66e3d	date:	2014-07-28T00:00:00
db:	CNVD	id:	CNVD-2014-04643	date:	2014-07-28T00:00:00
db:	VULHUB	id:	VHN-72627	date:	2014-07-24T00:00:00
db:	BID	id:	68875	date:	2014-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-003569	date:	2014-07-28T00:00:00
db:	PACKETSTORM	id:	130406	date:	2015-02-16T17:36:59
db:	PACKETSTORM	id:	127660	date:	2014-07-29T22:37:22
db:	CNNVD	id:	CNNVD-201407-606	date:	2014-07-25T00:00:00
db:	NVD	id:	CVE-2014-4686	date:	2014-07-24T14:55:08.190