ID

VAR-201502-0370


CVE

CVE-2015-1358


TITLE

Siemens SIMATIC WinCC TIA Portal Man-in-the-middle information disclosure vulnerability

Trust: 1.0

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296

DESCRIPTION

The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack. Siemens SIMATIC WinCC is a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) system. An information disclosure vulnerability exists in Siemens SIMATIC WinCC V13 SP1 that could allow an attacker to obtain sensitive information through man-in-the-middle attacks. Versions prior to Siemens SIMATIC WinCC TIA Portal V13 SP1 are vulnerable. The vulnerability stems from the fact that the program does not properly encrypt the certificate in transmission. A remote attacker could exploit this vulnerability by sniffing the network and performing a decryption attack to obtain clear text certificates.

Trust: 2.88

sources: NVD: CVE-2015-1358 // JVNDB: JVNDB-2015-001537 // CNVD: CNVD-2015-01296 // BID: 72625 // IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79319

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296

AFFECTED PRODUCTS

vendor: siemens, model: wincc, scope: eq, version: 13.0

Trust: 1.6

vendor: siemens, model: simatic wincc, scope: lt, version: 13 sp1

Trust: 0.8

vendor: siemens, model: simatic wincc tia portal sp1, scope: eq, version: v13

Trust: 0.6

vendor: wincc, model: -, scope: eq, version: 13.0

Trust: 0.4

vendor: siemens, model: simatic wincc flexible runtime, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic wincc flexible sp2, scope: eq, version: 2008

Trust: 0.3

vendor: siemens, model: simatic wincc flexible sp1, scope: eq, version: 2008

Trust: 0.3

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2008

Trust: 0.3

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2007

Trust: 0.3

vendor: siemens, model: simatic wincc flexible sp1, scope: eq, version: 2005

Trust: 0.3

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2005

Trust: 0.3

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2004

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: 0

Trust: 0.3

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296 // BID: 72625 // JVNDB: JVNDB-2015-001537 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1358
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1358
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01296
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201502-420
value: MEDIUM

Trust: 0.6

IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346
value: MEDIUM

Trust: 0.2

IVD: a11e037c-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-79319
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1358
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: a11e037c-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296 // VULHUB: VHN-79319 // JVNDB: JVNDB-2015-001537 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-79319 // JVNDB: JVNDB-2015-001537 // NVD: CVE-2015-1358

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 130406 // CNNVD: CNNVD-201502-420

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201502-420

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001537

PATCH

title: SSA-543623, url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf

Trust: 0.8

title: Patch for Siemens SIMATIC WinCC TIA Portal Man-in-the-Middle Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/55531

Trust: 0.6

sources: CNVD: CNVD-2015-01296 // JVNDB: JVNDB-2015-001537

EXTERNAL IDS

db: NVD, id: CVE-2015-1358

Trust: 3.9

db: SIEMENS, id: SSA-543623

Trust: 2.3

db: BID, id: 72625

Trust: 2.0

db: ICS CERT, id: ICSA-16-161-02

Trust: 1.9

db: SIEMENS, id: SSA-526760

Trust: 1.7

db: CNNVD, id: CNNVD-201502-420

Trust: 1.1

db: SECTRACK, id: 1036090

Trust: 1.1

db: CNVD, id: CNVD-2015-01296

Trust: 1.0

db: JVNDB, id: JVNDB-2015-001537

Trust: 0.8

db: IVD, id: 6C5F6EE2-C09B-4C78-A362-83203BBFE346

Trust: 0.2

db: IVD, id: A11E037C-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-79319

Trust: 0.1

db: PACKETSTORM, id: 130406

Trust: 0.1

sources: IVD: 6c5f6ee2-c09b-4c78-a362-83203bbfe346 // IVD: a11e037c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01296 // VULHUB: VHN-79319 // BID: 72625 // JVNDB: JVNDB-2015-001537 // PACKETSTORM: 130406 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-543623.pdf

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-16-161-02

Trust: 1.9

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-526760.pdf

Trust: 1.7

url:http://www.securityfocus.com/bid/72625

Trust: 1.7

url:http://www.securitytracker.com/id/1036090

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1358

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1358

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-1358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-4686

Trust: 0.1

sources: CNVD: CNVD-2015-01296 // VULHUB: VHN-79319 // JVNDB: JVNDB-2015-001537 // PACKETSTORM: 130406 // CNNVD: CNNVD-201502-420 // NVD: CVE-2015-1358

CREDITS

Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik.

Trust: 0.3

sources: BID: 72625

SOURCES

db: IVD, id: 6c5f6ee2-c09b-4c78-a362-83203bbfe346
db: IVD, id: a11e037c-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-01296
db: VULHUB, id: VHN-79319
db: BID, id: 72625
db: JVNDB, id: JVNDB-2015-001537
db: PACKETSTORM, id: 130406
db: CNNVD, id: CNNVD-201502-420
db: NVD, id: CVE-2015-1358

LAST UPDATE DATE

2024-08-14T13:34:53.371000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-01296, date: 2016-06-12T00:00:00
db: VULHUB, id: VHN-79319, date: 2016-11-30T00:00:00
db: BID, id: 72625, date: 2016-07-06T14:57:00
db: JVNDB, id: JVNDB-2015-001537, date: 2016-06-10T00:00:00
db: CNNVD, id: CNNVD-201502-420, date: 2015-02-28T00:00:00
db: NVD, id: CVE-2015-1358, date: 2016-11-30T02:59:19.423

SOURCES RELEASE DATE

db: IVD, id: 6c5f6ee2-c09b-4c78-a362-83203bbfe346, date: 2015-02-27T00:00:00
db: IVD, id: a11e037c-2351-11e6-abef-000c29c66e3d, date: 2015-02-27T00:00:00
db: CNVD, id: CNVD-2015-01296, date: 2015-02-26T00:00:00
db: VULHUB, id: VHN-79319, date: 2015-02-18T00:00:00
db: BID, id: 72625, date: 2015-02-13T00:00:00
db: JVNDB, id: JVNDB-2015-001537, date: 2015-02-20T00:00:00
db: PACKETSTORM, id: 130406, date: 2015-02-16T17:36:59
db: CNNVD, id: CNNVD-201502-420, date: 2015-02-28T00:00:00
db: NVD, id: CVE-2015-1358, date: 2015-02-18T02:59:07.813