Details of VAR-201607-0463

ID

VAR-201607-0463

CVE

CVE-2016-5874

TITLE

Siemens SIMATIC NET PCSoftware Denial of service vulnerability

Trust: 0.8

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNVD: CNVD-2016-05347

DESCRIPTION

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. SIMATIC NET is an open and diverse communication system from Siemens at the industrial control level. A denial of service vulnerability exists in Siemens SIMATIC NET PCSoftware. Need to manually restart the recovery system. An attacker can exploit this issue to cause the affected application to restart, denying service to legitimate users. Siemens SIMATIC NET PC-Software is a set of software from Siemens, Germany, which supports PLC (programmable logic controller) and personal computer network communication

Trust: 2.7

sources: NVD: CVE-2016-5874 // JVNDB: JVNDB-2016-004081 // CNVD: CNVD-2016-05347 // BID: 92110 // IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // VULHUB: VHN-94694

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNVD: CNVD-2016-05347

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic net pc-software	scope:	lte	version:	13	Trust: 1.0
vendor:	siemens	model:	simatic net pc-software	scope:	eq	version:	13	Trust: 0.9
vendor:	siemens	model:	simatic net pc software	scope:	lt	version:	13 sp2	Trust: 0.8
vendor:	siemens	model:	simatic net pc-software sp2	scope:	lt	version:	v13	Trust: 0.6
vendor:	siemens	model:	simatic net pc-software hf1	scope:	eq	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic net pc-software sp2 hf3	scope:	eq	version:	12	Trust: 0.3
vendor:	siemens	model:	simatic net pc-software	scope:	eq	version:	12	Trust: 0.3
vendor:	siemens	model:	simatic net pc-software sp2	scope:	ne	version:	13	Trust: 0.3
vendor:	simatic net pc	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNVD: CNVD-2016-05347 // BID: 92110 // JVNDB: JVNDB-2016-004081 // CNNVD: CNNVD-201607-906 // NVD: CVE-2016-5874

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5874
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-5874
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-05347
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201607-906
value:	MEDIUM
Trust: 0.6
IVD:	5524f002-9108-4173-a9a0-5c2688ac020e
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-94694
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-5874
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-05347
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	5524f002-9108-4173-a9a0-5c2688ac020e
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-94694
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5874
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNVD: CNVD-2016-05347 // VULHUB: VHN-94694 // JVNDB: JVNDB-2016-004081 // CNNVD: CNNVD-201607-906 // NVD: CVE-2016-5874

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-94694 // JVNDB: JVNDB-2016-004081 // NVD: CVE-2016-5874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-906

TYPE

Input validation

Trust: 0.8

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNNVD: CNNVD-201607-906

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004081

PATCH

title:	SSA-453276	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf	Trust: 0.8
title:	Siemens SIMATIC NET PCSoftware denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/79539	Trust: 0.6
title:	Siemens SIMATIC NET PC-Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63266	Trust: 0.6

sources: CNVD: CNVD-2016-05347 // JVNDB: JVNDB-2016-004081 // CNNVD: CNNVD-201607-906

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5874	Trust: 3.6
db:	SIEMENS	id:	SSA-453276	Trust: 2.6
db:	ICS CERT	id:	ICSA-16-208-02	Trust: 2.2
db:	BID	id:	92110	Trust: 2.0
db:	CNNVD	id:	CNNVD-201607-906	Trust: 0.9
db:	CNVD	id:	CNVD-2016-05347	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004081	Trust: 0.8
db:	IVD	id:	5524F002-9108-4173-A9A0-5C2688AC020E	Trust: 0.2
db:	VULHUB	id:	VHN-94694	Trust: 0.1

sources: IVD: 5524f002-9108-4173-a9a0-5c2688ac020e // CNVD: CNVD-2016-05347 // VULHUB: VHN-94694 // BID: 92110 // JVNDB: JVNDB-2016-004081 // CNNVD: CNNVD-201607-906 // NVD: CVE-2016-5874

REFERENCES

url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-453276.pdf	Trust: 2.6
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-208-02	Trust: 2.2
url:	http://www.securityfocus.com/bid/92110	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5874	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5874	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2016-05347 // VULHUB: VHN-94694 // BID: 92110 // JVNDB: JVNDB-2016-004081 // CNNVD: CNNVD-201607-906 // NVD: CVE-2016-5874

CREDITS

Vladimir Dashchenko from Kaspersky Labs.

Trust: 0.3

sources: BID: 92110

SOURCES

db:	IVD	id:	5524f002-9108-4173-a9a0-5c2688ac020e
db:	CNVD	id:	CNVD-2016-05347
db:	VULHUB	id:	VHN-94694
db:	BID	id:	92110
db:	JVNDB	id:	JVNDB-2016-004081
db:	CNNVD	id:	CNNVD-201607-906
db:	NVD	id:	CVE-2016-5874

LAST UPDATE DATE

2024-11-23T21:54:30.370000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05347	date:	2016-07-25T00:00:00
db:	VULHUB	id:	VHN-94694	date:	2016-11-28T00:00:00
db:	BID	id:	92110	date:	2016-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-004081	date:	2016-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201607-906	date:	2016-07-25T00:00:00
db:	NVD	id:	CVE-2016-5874	date:	2024-11-21T02:55:10.807

SOURCES RELEASE DATE

db:	IVD	id:	5524f002-9108-4173-a9a0-5c2688ac020e	date:	2016-07-25T00:00:00
db:	CNVD	id:	CNVD-2016-05347	date:	2016-07-25T00:00:00
db:	VULHUB	id:	VHN-94694	date:	2016-07-22T00:00:00
db:	BID	id:	92110	date:	2016-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-004081	date:	2016-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201607-906	date:	2016-07-25T00:00:00
db:	NVD	id:	CVE-2016-5874	date:	2016-07-22T15:59:02.897