ID

VAR-201607-0465


CVE

CVE-2016-5743


TITLE

Arbitrary code execution vulnerability in multiple Siemens SIMATIC products

Trust: 0.8

sources: JVNDB: JVNDB-2016-004095

DESCRIPTION

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. SIMATIC WinCC (Windows Control Center) is Siemens' process monitoring system, providing complete supervisory control and data acquisition (SCADA) functions for the industrial sector; the PCS 7 system is a seamlessly integrated automation solution for all industrial applications. A remote code execution vulnerability exists in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. SIMATIC WinCC and the other affected products are industrial automation products from Siemens (Germany).

Trust: 2.7

sources: NVD: CVE-2016-5743 // JVNDB: JVNDB-2016-004095 // CNVD: CNVD-2016-05346 // BID: 92112 // IVD: 649ab73e-2968-450b-b5d3-31e462571302 // VULHUB: VHN-94562

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346

AFFECTED PRODUCTS

vendor: siemens, model: simatic openpcs 7, scope: lte, version: 8.1

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: lte, version: 7.3

Trust: 1.0

vendor: siemens, model: simatic batch, scope: lte, version: 7.1

Trust: 1.0

vendor: siemens, model: simatic wincc, scope: lte, version: 7.4

Trust: 1.0

vendor: siemens, model: simatic openpcs 7, scope: lte, version: 8.2

Trust: 1.0

vendor: siemens, model: simatic pcs, scope: eq, version: 78.0

Trust: 0.9

vendor: siemens, model: simatic pcs, scope: eq, version: 78.1

Trust: 0.9

vendor: siemens, model: simatic pcs, scope: eq, version: 78.2

Trust: 0.9

vendor: siemens, model: simatic wincc sp, scope: eq, version: 7.03

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: 7.2

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: 7.4

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: 7.3

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: 7.4 update 1

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: 7.4

Trust: 0.8

vendor: siemens, model: simatic pcs sp4, scope: eq, version: 7<=7.1

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional sp update, scope: lt, version: v1319

Trust: 0.6

vendor: siemens, model: simatic wincc sp, scope: lte, version: <=7.02

Trust: 0.6

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.3x<7.310

Trust: 0.6

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.4x<7.41

Trust: 0.6

vendor: siemens, model: simatic openpcs 7, scope: eq, version: 8.1

Trust: 0.6

vendor: siemens, model: simatic batch, scope: eq, version: 7.1

Trust: 0.6

vendor: siemens, model: simatic openpcs 7, scope: eq, version: 8.2

Trust: 0.6

vendor: simatic wincc, model: -, scope: eq, version: *

Trust: 0.4

vendor: simatic openpcs 7, model: -, scope: eq, version: *

Trust: 0.4

vendor: siemens, model: simatic wincc runtime professional sp1 upd2, scope: eq, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.32

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.31

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.29

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.28

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.21

Trust: 0.3

vendor: siemens, model: simatic wincc upd4, scope: eq, version: 7.2

Trust: 0.3

vendor: siemens, model: simatic wincc upd11, scope: eq, version: 7.2

Trust: 0.3

vendor: siemens, model: simatic wincc sp, scope: eq, version: 7.02

Trust: 0.3

vendor: siemens, model: simatic pcs sp4, scope: eq, version: 77.1

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional sp update, scope: ne, version: 1319

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: ne, version: 7.41

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: ne, version: 7.310

Trust: 0.3

vendor: simatic batch, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5743
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-5743
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-05346
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201607-904
value: CRITICAL

Trust: 0.6

IVD: 649ab73e-2968-450b-b5d3-31e462571302
value: CRITICAL

Trust: 0.2

VULHUB: VHN-94562
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-5743
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-05346
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 649ab73e-2968-450b-b5d3-31e462571302
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-94562
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5743
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-94562 // JVNDB: JVNDB-2016-004095 // NVD: CVE-2016-5743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-904

TYPE

Input validation

Trust: 0.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNNVD: CNNVD-201607-904

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004095

PATCH

title: SSA-378531, url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf

Trust: 0.8

title: Patch for remote code execution vulnerability in SIMATIC WinCC/PCS 7/WinCC Runtime Professional, url: https://www.cnvd.org.cn/patchInfo/show/79586

Trust: 0.6

title: Multiple Siemens Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63264

Trust: 0.6

sources: CNVD: CNVD-2016-05346 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904

EXTERNAL IDS

db: NVD, id: CVE-2016-5743

Trust: 3.6

db: SIEMENS, id: SSA-378531

Trust: 2.6

db: ICS CERT, id: ICSA-16-208-01

Trust: 2.2

db: BID, id: 92112

Trust: 2.0

db: SECTRACK, id: 1036441

Trust: 1.1

db: CNNVD, id: CNNVD-201607-904

Trust: 0.9

db: CNVD, id: CNVD-2016-05346

Trust: 0.8

db: JVNDB, id: JVNDB-2016-004095

Trust: 0.8

db: IVD, id: 649AB73E-2968-450B-B5D3-31E462571302

Trust: 0.2

db: VULHUB, id: VHN-94562

Trust: 0.1

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

REFERENCES

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf

Trust: 2.6

url:https://ics-cert.us-cert.gov/advisories/icsa-16-208-01

Trust: 2.2

url:http://www.securityfocus.com/bid/92112

Trust: 1.1

url:http://www.securitytracker.com/id/1036441

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5743

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5743

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

CREDITS

Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defence Team, Kaspersky Lab.

Trust: 0.3

sources: BID: 92112

SOURCES

db: IVD, id: 649ab73e-2968-450b-b5d3-31e462571302
db: CNVD, id: CNVD-2016-05346
db: VULHUB, id: VHN-94562
db: BID, id: 92112
db: JVNDB, id: JVNDB-2016-004095
db: CNNVD, id: CNNVD-201607-904
db: NVD, id: CVE-2016-5743

LAST UPDATE DATE

2024-08-14T13:32:31.360000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-05346, date: 2016-07-25T00:00:00
db: VULHUB, id: VHN-94562, date: 2016-11-28T00:00:00
db: BID, id: 92112, date: 2016-07-22T00:00:00
db: JVNDB, id: JVNDB-2016-004095, date: 2016-08-01T00:00:00
db: CNNVD, id: CNNVD-201607-904, date: 2016-07-25T00:00:00
db: NVD, id: CVE-2016-5743, date: 2016-11-28T20:29:09.843

SOURCES RELEASE DATE

db: IVD, id: 649ab73e-2968-450b-b5d3-31e462571302, date: 2016-07-25T00:00:00
db: CNVD, id: CNVD-2016-05346, date: 2016-07-25T00:00:00
db: VULHUB, id: VHN-94562, date: 2016-07-22T00:00:00
db: BID, id: 92112, date: 2016-07-22T00:00:00
db: JVNDB, id: JVNDB-2016-004095, date: 2016-08-01T00:00:00
db: CNNVD, id: CNNVD-201607-904, date: 2016-07-25T00:00:00
db: NVD, id: CVE-2016-5743, date: 2016-07-22T15:59:00.147