ID

VAR-201504-0234


CVE

CVE-2015-2822


TITLE

Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002125

DESCRIPTION

Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2 and SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2 allow man-in-the-middle attackers to cause a denial of service via crafted packets on TCP port 102. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. A port that can cause a denial of service attack. Multiple Siemens SIMATIC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Siemens SIMATIC HMI Comfort Panels and SIMATIC WinCC Runtime Advanced are HMI software for controlling and monitoring machines and equipment from Siemens, Germany

Trust: 2.88

sources: NVD: CVE-2015-2822 // JVNDB: JVNDB-2015-002125 // CNVD: CNVD-2015-02292 // BID: 74028 // IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // VULHUB: VHN-80783

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // CNVD: CNVD-2015-02292

AFFECTED PRODUCTS

vendor:siemensmodel:winccscope:lteversion:13.0

Trust: 1.0

vendor:winccmodel: - scope:eqversion:*

Trust: 0.8

vendor:siemensmodel:simatic hmi comfort panelsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:runtime advanced 13 sp1 upd2

Trust: 0.8

vendor:siemensmodel:simatic hmi comfort panels before wincc sp1 upd2scope:eqversion:13

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advanced sp1 upd2scope:eqversion:13

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:13.0

Trust: 0.6

sources: IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // CNVD: CNVD-2015-02292 // JVNDB: JVNDB-2015-002125 // CNNVD: CNNVD-201504-096 // NVD: CVE-2015-2822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2822
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-2822
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-02292
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201504-096
value: MEDIUM

Trust: 0.6

IVD: 984ee090-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: cda955ed-285a-41f6-a455-3a71c5e4729a
value: MEDIUM

Trust: 0.2

VULHUB: VHN-80783
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-2822
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-02292
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 984ee090-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: cda955ed-285a-41f6-a455-3a71c5e4729a
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-80783
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // CNVD: CNVD-2015-02292 // VULHUB: VHN-80783 // JVNDB: JVNDB-2015-002125 // CNNVD: CNNVD-201504-096 // NVD: CVE-2015-2822

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-80783 // JVNDB: JVNDB-2015-002125 // NVD: CVE-2015-2822

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-096

TYPE

Input validation

Trust: 1.0

sources: IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // CNNVD: CNNVD-201504-096

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002125

PATCH

title:SSA-487246url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/57131

Trust: 0.6

sources: CNVD: CNVD-2015-02292 // JVNDB: JVNDB-2015-002125

EXTERNAL IDS

db:NVDid:CVE-2015-2822

Trust: 3.8

db:BIDid:74028

Trust: 2.0

db:SIEMENSid:SSA-487246

Trust: 1.7

db:CNNVDid:CNNVD-201504-096

Trust: 1.1

db:CNVDid:CNVD-2015-02292

Trust: 1.0

db:ICS CERTid:ICSA-15-099-01

Trust: 0.8

db:JVNDBid:JVNDB-2015-002125

Trust: 0.8

db:IVDid:984EE090-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:CDA955ED-285A-41F6-A455-3A71C5E4729A

Trust: 0.2

db:VULHUBid:VHN-80783

Trust: 0.1

sources: IVD: 984ee090-2351-11e6-abef-000c29c66e3d // IVD: cda955ed-285a-41f6-a455-3a71c5e4729a // CNVD: CNVD-2015-02292 // VULHUB: VHN-80783 // BID: 74028 // JVNDB: JVNDB-2015-002125 // CNNVD: CNNVD-201504-096 // NVD: CVE-2015-2822

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-487246.pdf

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2822

Trust: 1.4

url:http://www.securityfocus.com/bid/74028

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-487246.pdf

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2822

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-15-099-01

Trust: 0.8

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2015-02292 // VULHUB: VHN-80783 // BID: 74028 // JVNDB: JVNDB-2015-002125 // CNNVD: CNNVD-201504-096 // NVD: CVE-2015-2822

CREDITS

Quarkslab team and Ilya Karpov from Positive Technologies.

Trust: 0.3

sources: BID: 74028

SOURCES

db:IVDid:984ee090-2351-11e6-abef-000c29c66e3d
db:IVDid:cda955ed-285a-41f6-a455-3a71c5e4729a
db:CNVDid:CNVD-2015-02292
db:VULHUBid:VHN-80783
db:BIDid:74028
db:JVNDBid:JVNDB-2015-002125
db:CNNVDid:CNNVD-201504-096
db:NVDid:CVE-2015-2822

LAST UPDATE DATE

2024-11-23T22:13:31.082000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-02292date:2015-04-10T00:00:00
db:VULHUBid:VHN-80783date:2016-11-28T00:00:00
db:BIDid:74028date:2015-10-26T16:22:00
db:JVNDBid:JVNDB-2015-002125date:2015-04-10T00:00:00
db:CNNVDid:CNNVD-201504-096date:2015-04-10T00:00:00
db:NVDid:CVE-2015-2822date:2024-11-21T02:28:09.383

SOURCES RELEASE DATE

db:IVDid:984ee090-2351-11e6-abef-000c29c66e3ddate:2015-04-10T00:00:00
db:IVDid:cda955ed-285a-41f6-a455-3a71c5e4729adate:2015-04-10T00:00:00
db:CNVDid:CNVD-2015-02292date:2015-04-10T00:00:00
db:VULHUBid:VHN-80783date:2015-04-08T00:00:00
db:BIDid:74028date:2015-04-09T00:00:00
db:JVNDBid:JVNDB-2015-002125date:2015-04-10T00:00:00
db:CNNVDid:CNNVD-201504-096date:2015-04-09T00:00:00
db:NVDid:CVE-2015-2822date:2015-04-08T16:59:00.067