Sign-up

ID

VAR-201607-0461


CVE

CVE-2016-5849


TITLE

Siemens SICAM PAS Vulnerability in which important setting information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003480

DESCRIPTION

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. SICAM PAS is an energy automation solution for substation equipment operation. It has an open communication interface to meet the control requirements of power system control and industrial power supply equipment. An information disclosure vulnerability exists in Siemens SICAM PAS

Trust: 2.7

sources: NVD: CVE-2016-5849 // JVNDB: JVNDB-2016-003480 // CNVD: CNVD-2016-04434 // BID: 91525 // IVD: 054e979c-8898-11e7-a432-000c2975a0fc // VULHUB: VHN-94669

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 054e979c-8898-11e7-a432-000c2975a0fc // CNVD: CNVD-2016-04434

AFFECTED PRODUCTS

vendor:siemensmodel:sicam pas\/pqsscope:lteversion:8.07

Trust: 1.0

vendor:siemensmodel:sicam passcope:lteversion:8.07

Trust: 0.8

vendor:siemensmodel:sicam passcope: - version: -

Trust: 0.6

vendor:siemensmodel:sicam passcope:eqversion:8.06

Trust: 0.6

vendor:sicam pasmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 054e979c-8898-11e7-a432-000c2975a0fc // CNVD: CNVD-2016-04434 // JVNDB: JVNDB-2016-003480 // CNNVD: CNNVD-201606-675 // NVD: CVE-2016-5849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5849
value: LOW

Trust: 1.0

NVD: CVE-2016-5849
value: LOW

Trust: 0.8

CNVD: CNVD-2016-04434
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-675
value: LOW

Trust: 0.6

IVD: 054e979c-8898-11e7-a432-000c2975a0fc
value: LOW

Trust: 0.2

VULHUB: VHN-94669
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-5849
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-04434
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 054e979c-8898-11e7-a432-000c2975a0fc
severity: MEDIUM
baseScore: 4.0
vectorString: AV:L/AC:H/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-94669
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5849
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.0
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2016-5849
baseSeverity: LOW
baseScore: 2.5
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 054e979c-8898-11e7-a432-000c2975a0fc // CNVD: CNVD-2016-04434 // VULHUB: VHN-94669 // JVNDB: JVNDB-2016-003480 // CNNVD: CNNVD-201606-675 // NVD: CVE-2016-5849

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-94669 // JVNDB: JVNDB-2016-003480 // NVD: CVE-2016-5849

THREAT TYPE

local

Trust: 0.9

sources: BID: 91525 // CNNVD: CNNVD-201606-675

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201606-675

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003480

PATCH
title:SSA-444217url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
Trust: 0.8
title:Siemens SICAM PAS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62584
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-003480 // 
            
            
            
            CNNVD: CNNVD-201606-675

EXTERNAL IDS
db:NVDid:CVE-2016-5849
Trust: 3.6
db:ICS CERTid:ICSA-16-182-02
Trust: 2.5
db:SIEMENSid:SSA-444217
Trust: 2.3
db:BIDid:91525
Trust: 1.4
db:CNNVDid:CNNVD-201606-675
Trust: 0.9
db:CNVDid:CNVD-2016-04434
Trust: 0.8
db:JVNDBid:JVNDB-2016-003480
Trust: 0.8
db:IVDid:054E979C-8898-11E7-A432-000C2975A0FC
Trust: 0.2
db:VULHUBid:VHN-94669
Trust: 0.1
sources:
            
            
            IVD: 054e979c-8898-11e7-a432-000c2975a0fc // 
            
            
            
            CNVD: CNVD-2016-04434 // 
            
            
            
            VULHUB: VHN-94669 // 
            
            
            
            BID: 91525 // 
            
            
            
            JVNDB: JVNDB-2016-003480 // 
            
            
            
            CNNVD: CNNVD-201606-675 // 
            
            
            
            NVD: CVE-2016-5849

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-182-02
Trust: 2.5
url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
Trust: 2.3
url:http://www.securityfocus.com/bid/91525
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5849
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5849
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-04434 // 
            
            
            
            VULHUB: VHN-94669 // 
            
            
            
            BID: 91525 // 
            
            
            
            JVNDB: JVNDB-2016-003480 // 
            
            
            
            CNNVD: CNNVD-201606-675 // 
            
            
            
            NVD: CVE-2016-5849

CREDITS
Ilya Karpov and Dmitry Sklyarov
Trust: 0.3
sources:
            
            
            BID: 91525

SOURCES
db:IVDid:054e979c-8898-11e7-a432-000c2975a0fc
db:CNVDid:CNVD-2016-04434
db:VULHUBid:VHN-94669
db:BIDid:91525
db:JVNDBid:JVNDB-2016-003480
db:CNNVDid:CNNVD-201606-675
db:NVDid:CVE-2016-5849

LAST UPDATE DATE
2024-11-23T22:27:01.076000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04434date:2016-07-01T00:00:00
db:VULHUBid:VHN-94669date:2016-11-28T00:00:00
db:BIDid:91525date:2016-07-01T00:00:00
db:JVNDBid:JVNDB-2016-003480date:2016-12-08T00:00:00
db:CNNVDid:CNNVD-201606-675date:2016-07-01T00:00:00
db:NVDid:CVE-2016-5849date:2024-11-21T02:55:07.993

SOURCES RELEASE DATE
db:IVDid:054e979c-8898-11e7-a432-000c2975a0fcdate:2016-07-01T00:00:00
db:CNVDid:CNVD-2016-04434date:2016-07-01T00:00:00
db:VULHUBid:VHN-94669date:2016-07-04T00:00:00
db:BIDid:91525date:2016-07-01T00:00:00
db:JVNDBid:JVNDB-2016-003480date:2016-07-11T00:00:00
db:CNNVDid:CNNVD-201606-675date:2016-06-30T00:00:00
db:NVDid:CVE-2016-5849date:2016-07-04T16:59:02.973