ID

VAR-201511-0184


CVE

CVE-2015-8214


TITLE

Vulnerability in multiple Siemens SIMATIC devices that allows administrative access to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2015-006055

DESCRIPTION

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs.

Multiple Siemens SIMATIC devices contain a vulnerability that allows administrative access to be gained. A third party may gain administrative access through a session on TCP port 102.

Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced devices prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R-IE DNP3, CP 443-1, and CP 443-1 Advanced have a security vulnerability in the implementation of the access protection layer that allows unauthenticated remote attackers to gain administrator access through sessions on TCP port 102.

Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.

Siemens SIMATIC CP 343-1 Advanced and similar modules are Ethernet communication modules from the German company Siemens that support PROFINET (a new-generation automation bus standard based on industrial Ethernet technology).

Trust: 2.7

sources: NVD: CVE-2015-8214 // JVNDB: JVNDB-2015-006055 // CNVD: CNVD-2015-07864 // BID: 78345 // IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-86175

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864

AFFECTED PRODUCTS

vendor: siemens, model: simatic tim 3v-ie, scope: eq, version: -

Trust: 2.4

vendor: siemens, model: simatic cp 343-1, scope: eq, version: lean

Trust: 1.4

vendor: siemens, model: simatic cp 443-1, scope: eq, version: advanced

Trust: 1.4

vendor: siemens, model: simatic tim 4r-ie, scope: eq, version: dnp3

Trust: 1.4

vendor: siemens, model: simatic tim 4r-ie, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 343-1, scope: lte, version: 3.0

Trust: 1.0

vendor: siemens, model: simatic cp 443-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 343-1, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic cp 343-1, scope: eq, version: none

Trust: 0.8

vendor: siemens, model: simatic cp 343-1, scope: lt, version: advanced ( firmware 3.0.44 )

Trust: 0.8

vendor: siemens, model: simatic cp 343-1, scope: lt, version: 3.0.44 (advanced)

Trust: 0.8

vendor: siemens, model: simatic cp 343-1, scope: eq, version: -

Trust: 0.8

vendor: siemens, model: simatic cp 443-1, scope: eq, version: none

Trust: 0.8

vendor: siemens, model: simatic cp 443-1, scope: eq, version: -

Trust: 0.8

vendor: siemens, model: simatic tim 3v-ie, scope: eq, version: none

Trust: 0.8

vendor: siemens, model: simatic tim 3v-ie, scope: eq, version: advanced

Trust: 0.8

vendor: siemens, model: simatic tim 3v-ie, scope: eq, version: dnp3

Trust: 0.8

vendor: siemens, model: simatic tim 4r-ie, scope: eq, version: none

Trust: 0.8

vendor: siemens, model: simatic tim 4r-ie, scope: eq, version: -

Trust: 0.8

vendor: simatic tim 3v ie, model: -, scope: eq, version: -

Trust: 0.6

vendor: siemens, model: simatic cp advanced devices, scope: eq, version: 343-1<3.0.44

Trust: 0.6

vendor: siemens, model: cp lean devices, scope: eq, version: 343-1

Trust: 0.6

vendor: siemens, model: cp devices, scope: eq, version: 343-1

Trust: 0.6

vendor: siemens, model: tim 3v-ie devices, scope: -, version: -

Trust: 0.6

vendor: siemens, model: tim 3v-ie advanced devices, scope: -, version: -

Trust: 0.6

vendor: siemens, model: tim 3v-ie dnp3 devices, scope: -, version: -

Trust: 0.6

vendor: siemens, model: tim 4r-ie devices, scope: -, version: -

Trust: 0.6

vendor: siemens, model: tim 4r-ie dnp3 devices, scope: -, version: -

Trust: 0.6

vendor: siemens, model: cp devices, scope: eq, version: 443-1

Trust: 0.6

vendor: siemens, model: cp advanced devices, scope: eq, version: 443-1

Trust: 0.6

vendor: siemens, model: simatic cp 343-1, scope: eq, version: 3.0

Trust: 0.6

vendor: siemens, model: simatic tim 4r-ie, scope: -, version: -

Trust: 0.6

vendor: siemens, model: simatic cp 443-1, scope: -, version: -

Trust: 0.6

vendor: simatic cp 443 1, model: -, scope: eq, version: *

Trust: 0.4

vendor: simatic tim 4r ie, model: -, scope: eq, version: *

Trust: 0.4

vendor: simatic cp 343 1, model: -, scope: eq, version: *

Trust: 0.4

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8214
value: HIGH

Trust: 1.0

NVD: CVE-2015-8214
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-07864
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201511-434
value: CRITICAL

Trust: 0.6

IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-86175
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-8214
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-07864
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-86175
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-86175 // JVNDB: JVNDB-2015-006055 // NVD: CVE-2015-8214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-434

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201511-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006055

PATCH

title: SSA-763427, url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf

Trust: 0.8

title: Patch for Siemens SIMATIC Communicator Module Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/67396

Trust: 0.6

title: Multiple Siemens SIMATIC Product Privilege License and Access Control Vulnerability Fixes, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58866

Trust: 0.6

sources: CNVD: CNVD-2015-07864 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434

EXTERNAL IDS

db: NVD, id: CVE-2015-8214

Trust: 3.6

db: SIEMENS, id: SSA-763427

Trust: 2.3

db: BID, id: 78345

Trust: 2.0

db: SECTRACK, id: 1034279

Trust: 1.7

db: CNNVD, id: CNNVD-201511-434

Trust: 0.9

db: CNVD, id: CNVD-2015-07864

Trust: 0.8

db: ICS CERT, id: ICSA-15-335-03

Trust: 0.8

db: JVNDB, id: JVNDB-2015-006055

Trust: 0.8

db: ICS CERT, id: ICSA-15-335-03A

Trust: 0.6

db: IVD, id: 6BF20E1E-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-86175

Trust: 0.1

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // BID: 78345 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

REFERENCES

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/78345

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf

Trust: 1.7

url:http://www.securitytracker.com/id/1034279

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8214

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-15-335-03

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8214

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-15-335-03a

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // BID: 78345 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

CREDITS

Lei ChengLin (Z-0ne) from Fengtai Technologies.

Trust: 0.3

sources: BID: 78345

SOURCES

db: IVD, id: 6bf20e1e-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-07864
db: VULHUB, id: VHN-86175
db: BID, id: 78345
db: JVNDB, id: JVNDB-2015-006055
db: CNNVD, id: CNNVD-201511-434
db: NVD, id: CVE-2015-8214

LAST UPDATE DATE

2024-11-23T23:12:37.447000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-07864, date: 2015-12-01T00:00:00
db: VULHUB, id: VHN-86175, date: 2016-12-07T00:00:00
db: BID, id: 78345, date: 2015-12-08T22:20:00
db: JVNDB, id: JVNDB-2015-006055, date: 2015-12-02T00:00:00
db: CNNVD, id: CNNVD-201511-434, date: 2021-04-23T00:00:00
db: NVD, id: CVE-2015-8214, date: 2024-11-21T02:38:06.013

SOURCES RELEASE DATE

db: IVD, id: 6bf20e1e-2351-11e6-abef-000c29c66e3d, date: 2015-12-01T00:00:00
db: CNVD, id: CNVD-2015-07864, date: 2015-12-01T00:00:00
db: VULHUB, id: VHN-86175, date: 2015-11-27T00:00:00
db: BID, id: 78345, date: 2015-11-27T00:00:00
db: JVNDB, id: JVNDB-2015-006055, date: 2015-12-01T00:00:00
db: CNNVD, id: CNNVD-201511-434, date: 2015-11-30T00:00:00
db: NVD, id: CVE-2015-8214, date: 2015-11-27T15:59:00.133