Sign-up

ID

VAR-201502-0370


CVE

CVE-2015-1358


TITLE

Siemens SIMATIC WinCC TIA Portal Man-in-the-middle information disclosure vulnerability

Trust: 1.0

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296

DESCRIPTION

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a monitoring control and data acquisition SCADA and human machine interface HMI system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. Versions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates

Trust: 2.88

sources: NVD: CVE-2015-1358 // JVNDB: JVNDB-2015-001537 // CNVD: CNVD-2015-01296 // BID: 72625 // IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79319

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:simatic winccscope:ltversion:13 sp1

Trust: 0.8

vendor:siemensmodel:simatic wincc tia portal sp1scope:eqversion:v13

Trust: 0.6

vendor:winccmodel: - scope:eqversion:13.0

Trust: 0.4

vendor:siemensmodel:simatic wincc flexible runtimescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 0.3

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp1scope:eqversion:2005

Trust: 0.3

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2005

Trust: 0.3

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2004

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:0

Trust: 0.3

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296 // BID: 72625 // JVNDB: JVNDB-2015-001537 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1358
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1358
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01296
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-420
value: MEDIUM

Trust: 0.6

IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346
value: MEDIUM

Trust: 0.2

IVD: a11e037c-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-79319
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1358
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a11e037c-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296 // VULHUB: VHN-79319 // JVNDB: JVNDB-2015-001537 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-79319 // JVNDB: JVNDB-2015-001537 // NVD: CVE-2015-1358

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 130406 // CNNVD: CNNVD-201502-420

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201502-420

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001537

PATCH
title:SSA-543623url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf
Trust: 0.8
title:Patch for Siemens SIMATIC WinCC TIA Portal Man-in-the-Middle Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/55531
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-01296 // 
            
            
            
            JVNDB: JVNDB-2015-001537

EXTERNAL IDS
db:NVDid:CVE-2015-1358
Trust: 3.9
db:SIEMENSid:SSA-543623
Trust: 2.3
db:BIDid:72625
Trust: 2.0
db:ICS CERTid:ICSA-16-161-02
Trust: 1.9
db:SIEMENSid:SSA-526760
Trust: 1.7
db:CNNVDid:CNNVD-201502-420
Trust: 1.1
db:SECTRACKid:1036090
Trust: 1.1
db:CNVDid:CNVD-2015-01296
Trust: 1.0
db:JVNDBid:JVNDB-2015-001537
Trust: 0.8
db:IVDid:6C5F6EE2-C09B-4C78-A362-83203BBFE346
Trust: 0.2
db:IVDid:A11E037C-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-79319
Trust: 0.1
db:PACKETSTORMid:130406
Trust: 0.1
sources:
            
            
            IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // 
            
            
            
            IVD: a11e037c-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2015-01296 // 
            
            
            
            VULHUB: VHN-79319 // 
            
            
            
            BID: 72625 // 
            
            
            
            JVNDB: JVNDB-2015-001537 // 
            
            
            
            PACKETSTORM: 130406 // 
            
            
            
            CNNVD: CNNVD-201502-420 // 
            
            
            
            NVD: CVE-2015-1358

REFERENCES
url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf
Trust: 2.3
url:https://ics-cert.us-cert.gov/advisories/icsa-16-161-02
Trust: 1.9
url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf
Trust: 1.7
url:http://www.securityfocus.com/bid/72625
Trust: 1.7
url:http://www.securitytracker.com/id/1036090
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1358
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1358
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-1358
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-4686
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-01296 // 
            
            
            
            VULHUB: VHN-79319 // 
            
            
            
            JVNDB: JVNDB-2015-001537 // 
            
            
            
            PACKETSTORM: 130406 // 
            
            
            
            CNNVD: CNNVD-201502-420 // 
            
            
            
            NVD: CVE-2015-1358

CREDITS
Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik.
Trust: 0.3
sources:
            
            
            BID: 72625

SOURCES
db:IVDid:6c5f6ee2-c09b-4c78-a362-83203bbfe346
db:IVDid:a11e037c-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2015-01296
db:VULHUBid:VHN-79319
db:BIDid:72625
db:JVNDBid:JVNDB-2015-001537
db:PACKETSTORMid:130406
db:CNNVDid:CNNVD-201502-420
db:NVDid:CVE-2015-1358

LAST UPDATE DATE
2024-08-14T13:34:53.371000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-01296date:2016-06-12T00:00:00
db:VULHUBid:VHN-79319date:2016-11-30T00:00:00
db:BIDid:72625date:2016-07-06T14:57:00
db:JVNDBid:JVNDB-2015-001537date:2016-06-10T00:00:00
db:CNNVDid:CNNVD-201502-420date:2015-02-28T00:00:00
db:NVDid:CVE-2015-1358date:2016-11-30T02:59:19.423

SOURCES RELEASE DATE
db:IVDid:6c5f6ee2-c09b-4c78-a362-83203bbfe346date:2015-02-27T00:00:00
db:IVDid:a11e037c-2351-11e6-abef-000c29c66e3ddate:2015-02-27T00:00:00
db:CNVDid:CNVD-2015-01296date:2015-02-26T00:00:00
db:VULHUBid:VHN-79319date:2015-02-18T00:00:00
db:BIDid:72625date:2015-02-13T00:00:00
db:JVNDBid:JVNDB-2015-001537date:2015-02-20T00:00:00
db:PACKETSTORMid:130406date:2015-02-16T17:36:59
db:CNNVDid:CNNVD-201502-420date:2015-02-28T00:00:00
db:NVDid:CVE-2015-1358date:2015-02-18T02:59:07.813