ID

VAR-201407-0606


CVE

CVE-2014-4686


TITLE

Siemens SIMATIC PCS 7 Used in products such as SIMATIC WinCC Vulnerabilities in which important information is obtained in project management applications

Trust: 0.8

sources: JVNDB: JVNDB-2014-003569

DESCRIPTION

The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive information by extracting this key from another product installation and then employing this key during the sniffing of network traffic on TCP port 1030. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A privilege elevation vulnerability exists in Siemens SIMATIC WinCC and PCS7 that allows an attacker to exploit the vulnerability to gain administrative access on the affected device. Siemens SIMATIC WinCC and PCS7 are prone to a privilege-escalation vulnerability. Siemens SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system of German Siemens (Siemens). The system provides process monitoring, data acquisition and other functions

Trust: 3.06

sources: NVD: CVE-2014-4686 // JVNDB: JVNDB-2014-003569 // CNVD: CNVD-2014-04643 // BID: 68875 // IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-72627

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.2

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643

AFFECTED PRODUCTS

vendor:winccmodel: - scope:eqversion:6.0

Trust: 2.4

vendor:winccmodel: - scope:eqversion:7.0

Trust: 2.4

vendor:siemensmodel:winccscope:eqversion:6.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:5.0

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:7.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:ltversion:7.3

Trust: 1.4

vendor:winccmodel: - scope:eqversion:5.0

Trust: 1.2

vendor:winccmodel: - scope:eqversion:7.1

Trust: 1.2

vendor:siemensmodel:winccscope:lteversion:7.2

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:eqversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:winccscope:eqversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:ltversion:8.1

Trust: 0.8

vendor:simatic pcs7model: - scope:eqversion:7.1

Trust: 0.6

vendor:simatic pcs7model: - scope:eqversion:8.0

Trust: 0.6

vendor:simatic pcs7model: - scope:eqversion:*

Trust: 0.6

vendor:winccmodel: - scope:eqversion:*

Trust: 0.6

vendor:siemensmodel:pcs7scope:ltversion:8.1

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:0

Trust: 0.3

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // BID: 68875 // JVNDB: JVNDB-2014-003569 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4686
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4686
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04643
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-606
value: MEDIUM

Trust: 0.6

IVD: ea209009-7fdb-4811-b130-403cdc16f255
value: MEDIUM

Trust: 0.2

IVD: 7d720861-463f-11e9-a37c-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-72627
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4686
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04643
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ea209009-7fdb-4811-b130-403cdc16f255
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d720861-463f-11e9-a37c-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-72627
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // JVNDB: JVNDB-2014-003569 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-003569 // NVD: CVE-2014-4686

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 130406 // CNNVD: CNNVD-201407-606

TYPE

Encryption issues

Trust: 0.6

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003569

PATCH

title:SSA-214365url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC and PCS7 Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/47905

Trust: 0.6

sources: CNVD: CNVD-2014-04643 // JVNDB: JVNDB-2014-003569

EXTERNAL IDS

db:NVDid:CVE-2014-4686

Trust: 4.2

db:SIEMENSid:SSA-214365

Trust: 2.3

db:CNNVDid:CNNVD-201407-606

Trust: 1.3

db:CNVDid:CNVD-2014-04643

Trust: 1.2

db:BIDid:68875

Trust: 1.0

db:ICS CERTid:ICSA-14-205-02

Trust: 0.8

db:JVNDBid:JVNDB-2014-003569

Trust: 0.8

db:SECUNIAid:60392

Trust: 0.6

db:SECUNIAid:60388

Trust: 0.6

db:IVDid:EA209009-7FDB-4811-B130-403CDC16F255

Trust: 0.2

db:IVDid:7D720861-463F-11E9-A37C-000C29342CB1

Trust: 0.2

db:IVDid:E2CE69A6-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:130406

Trust: 0.2

db:VULHUBid:VHN-72627

Trust: 0.1

db:PACKETSTORMid:127660

Trust: 0.1

sources: IVD: ea209009-7fdb-4811-b130-403cdc16f255 // IVD: 7d720861-463f-11e9-a37c-000c29342cb1 // IVD: e2ce69a6-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // BID: 68875 // JVNDB: JVNDB-2014-003569 // PACKETSTORM: 130406 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf

Trust: 2.3

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4686

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4686

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-14-205-02

Trust: 0.8

url:http://www.securityfocus.com/bid/68875

Trust: 0.6

url:http://secunia.com/advisories/60388

Trust: 0.6

url:http://secunia.com/advisories/60392

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2014-4686

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-1358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4685

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4682

Trust: 0.1

sources: CNVD: CNVD-2014-04643 // VULHUB: VHN-72627 // BID: 68875 // JVNDB: JVNDB-2014-003569 // PACKETSTORM: 130406 // PACKETSTORM: 127660 // CNNVD: CNNVD-201407-606 // NVD: CVE-2014-4686

CREDITS

Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies.

Trust: 0.3

sources: BID: 68875

SOURCES

db:IVDid:ea209009-7fdb-4811-b130-403cdc16f255
db:IVDid:7d720861-463f-11e9-a37c-000c29342cb1
db:IVDid:e2ce69a6-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-04643
db:VULHUBid:VHN-72627
db:BIDid:68875
db:JVNDBid:JVNDB-2014-003569
db:PACKETSTORMid:130406
db:PACKETSTORMid:127660
db:CNNVDid:CNNVD-201407-606
db:NVDid:CVE-2014-4686

LAST UPDATE DATE

2024-11-23T22:31:17.616000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-04643date:2014-07-28T00:00:00
db:VULHUBid:VHN-72627date:2014-07-25T00:00:00
db:BIDid:68875date:2015-03-19T09:08:00
db:JVNDBid:JVNDB-2014-003569date:2014-08-05T00:00:00
db:CNNVDid:CNNVD-201407-606date:2014-07-25T00:00:00
db:NVDid:CVE-2014-4686date:2024-11-21T02:10:42.220

SOURCES RELEASE DATE

db:IVDid:ea209009-7fdb-4811-b130-403cdc16f255date:2014-07-28T00:00:00
db:IVDid:7d720861-463f-11e9-a37c-000c29342cb1date:2014-07-28T00:00:00
db:IVDid:e2ce69a6-2351-11e6-abef-000c29c66e3ddate:2014-07-28T00:00:00
db:CNVDid:CNVD-2014-04643date:2014-07-28T00:00:00
db:VULHUBid:VHN-72627date:2014-07-24T00:00:00
db:BIDid:68875date:2014-07-23T00:00:00
db:JVNDBid:JVNDB-2014-003569date:2014-07-28T00:00:00
db:PACKETSTORMid:130406date:2015-02-16T17:36:59
db:PACKETSTORMid:127660date:2014-07-29T22:37:22
db:CNNVDid:CNNVD-201407-606date:2014-07-25T00:00:00
db:NVDid:CVE-2014-4686date:2014-07-24T14:55:08.190