Details of VAR-201511-0184

ID

VAR-201511-0184

CVE

CVE-2015-8214

TITLE

Siemens SIMATIC Vulnerabilities that allow multiple devices to gain administrative access

Trust: 0.8

sources: JVNDB: JVNDB-2015-006055

DESCRIPTION

A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions < V3.1.1), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-1 Standard (incl. SIPLUS variants) (All versions < V3.2.9), SIMATIC NET CP 443-5 Basic (incl. SIPLUS variants) (All versions), SIMATIC NET CP 443-5 Extended (All versions), TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.6.0), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.1.0). The implemented access protection level enforcement of the affected communication processors (CP) could possibly allow unauthenticated users to perform administrative operations on the CPs if network access (port 102/TCP) is available and the CPs' configuration was stored on their corresponding CPUs. Siemens SIMATIC Multiple devices have vulnerabilities that can gain administrative access.By a third party TCP port 102 You may gain administrative access through the above session. Siemens SIMATIC CP 343-1/TIM 3V-IE/TIM 4R-IE/CP 443-1 is a communication module. Siemens SIMATIC CP 343-1 Advanced device prior to 3.0.44, CP 343-1 Lean, CP 343-1, TIM 3V-IE, TIM 3V-IE Advanced, TIM 3V-IE DNP3, TIM 4R-IE, TIM 4R- IE DNP3, CP 443-1, CP 443-1 Advanced has a security vulnerability in the implementation of the access protection layer, allowing unauthenticated remote attackers to exploit this vulnerability to gain administrator access through sessions on TCP port 102. Multiple Siemens SIMATIC products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Siemens SIMATIC CP 343-1 Advanced and so on are the Ethernet communication modules used by German Siemens to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology)

Trust: 2.7

sources: NVD: CVE-2015-8214 // JVNDB: JVNDB-2015-006055 // CNVD: CNVD-2015-07864 // BID: 78345 // IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-86175

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic tim 3v-ie	scope:	eq	version:	-	Trust: 2.4
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	lean	Trust: 1.4
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	advanced	Trust: 1.4
vendor:	siemens	model:	simatic tim 4r-ie	scope:	eq	version:	dnp3	Trust: 1.4
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 343-1	scope:	lte	version:	3.0	Trust: 1.0
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic tim 4r-ie	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	simatic cp 343-1	scope:	lt	version:	advanced ( firmware 3.0.44 )	Trust: 0.8
vendor:	siemens	model:	simatic cp 343-1	scope:	lt	version:	3.0.44 (advanced)	Trust: 0.8
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic tim 3v-ie	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	simatic tim 3v-ie	scope:	eq	version:	advanced	Trust: 0.8
vendor:	siemens	model:	simatic tim 3v-ie	scope:	eq	version:	dnp3	Trust: 0.8
vendor:	siemens	model:	simatic tim 4r-ie	scope:	eq	version:	none	Trust: 0.8
vendor:	siemens	model:	simatic tim 4r-ie	scope:	eq	version:	-	Trust: 0.8
vendor:	simatic tim 3v ie	model:	-	scope:	eq	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic cp advanced devices	scope:	eq	version:	343-1<3.0.44	Trust: 0.6
vendor:	siemens	model:	cp lean devices	scope:	eq	version:	343-1	Trust: 0.6
vendor:	siemens	model:	cp devices	scope:	eq	version:	343-1	Trust: 0.6
vendor:	siemens	model:	tim 3v-ie devices	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	tim 3v-ie advanced devices	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	tim 3v-ie dnp3 devices	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	tim 4r-ie devices	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	tim 4r-ie dnp3 devices	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	cp devices	scope:	eq	version:	443-1	Trust: 0.6
vendor:	siemens	model:	cp advanced devices	scope:	eq	version:	443-1	Trust: 0.6
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	3.0	Trust: 0.6
vendor:	siemens	model:	simatic tim 4r-ie	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic cp 443-1	scope:	-	version:	-	Trust: 0.6
vendor:	simatic cp 443 1	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	simatic tim 4r ie	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	simatic cp 343 1	model:	-	scope:	eq	version:	*	Trust: 0.4

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8214
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-8214
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-07864
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201511-434
value:	CRITICAL
Trust: 0.6
IVD:	6bf20e1e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-86175
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-8214
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-07864
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6bf20e1e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-86175
severity:	HIGH
baseScore:	9.7
vectorString:	AV:N/AC:L/AU:N/C:P/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-86175 // JVNDB: JVNDB-2015-006055 // NVD: CVE-2015-8214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201511-434

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201511-434

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006055

PATCH

title:	SSA-763427	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC Communicator Module Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/67396	Trust: 0.6
title:	Multiple Siemens SIMATIC Product Privilege License and Access Control Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58866	Trust: 0.6

sources: CNVD: CNVD-2015-07864 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8214	Trust: 3.6
db:	SIEMENS	id:	SSA-763427	Trust: 2.3
db:	BID	id:	78345	Trust: 2.0
db:	SECTRACK	id:	1034279	Trust: 1.7
db:	CNNVD	id:	CNNVD-201511-434	Trust: 0.9
db:	CNVD	id:	CNVD-2015-07864	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-335-03	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006055	Trust: 0.8
db:	ICS CERT	id:	ICSA-15-335-03A	Trust: 0.6
db:	IVD	id:	6BF20E1E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-86175	Trust: 0.1

sources: IVD: 6bf20e1e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // BID: 78345 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

REFERENCES

url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-763427.pdf	Trust: 2.3
url:	http://www.securityfocus.com/bid/78345	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf	Trust: 1.7
url:	http://www.securitytracker.com/id/1034279	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8214	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-335-03	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8214	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-15-335-03a	Trust: 0.6
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2015-07864 // VULHUB: VHN-86175 // BID: 78345 // JVNDB: JVNDB-2015-006055 // CNNVD: CNNVD-201511-434 // NVD: CVE-2015-8214

CREDITS

Lei ChengLin (Z-0ne) from Fengtai Technologies.

Trust: 0.3

sources: BID: 78345

SOURCES

db:	IVD	id:	6bf20e1e-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2015-07864
db:	VULHUB	id:	VHN-86175
db:	BID	id:	78345
db:	JVNDB	id:	JVNDB-2015-006055
db:	CNNVD	id:	CNNVD-201511-434
db:	NVD	id:	CVE-2015-8214

LAST UPDATE DATE

2024-08-14T15:08:34.879000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-07864	date:	2015-12-01T00:00:00
db:	VULHUB	id:	VHN-86175	date:	2016-12-07T00:00:00
db:	BID	id:	78345	date:	2015-12-08T22:20:00
db:	JVNDB	id:	JVNDB-2015-006055	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201511-434	date:	2021-04-23T00:00:00
db:	NVD	id:	CVE-2015-8214	date:	2021-04-22T21:15:08.047

SOURCES RELEASE DATE

db:	IVD	id:	6bf20e1e-2351-11e6-abef-000c29c66e3d	date:	2015-12-01T00:00:00
db:	CNVD	id:	CNVD-2015-07864	date:	2015-12-01T00:00:00
db:	VULHUB	id:	VHN-86175	date:	2015-11-27T00:00:00
db:	BID	id:	78345	date:	2015-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-006055	date:	2015-12-01T00:00:00
db:	CNNVD	id:	CNNVD-201511-434	date:	2015-11-30T00:00:00
db:	NVD	id:	CVE-2015-8214	date:	2015-11-27T15:59:00.133