Details of VAR-201607-0465

ID

VAR-201607-0465

CVE

CVE-2016-5743

TITLE

plural Siemens SIMATIC Vulnerabilities in products that allow arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004095

DESCRIPTION

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. The SIMATIC WinCC (Windows Control Center) window control center is Siemens' process monitoring system, providing complete monitoring and data acquisition (SCADA) functions for the industrial sector; the PCS 7 system is a seamlessly integrated automation solution for all industrial applications. field. A remote code execution vulnerability exists in SIMATIC WinCC/PCS 7/WinCC Runtime Professional. Multiple Siemens Products are prone to a remote code-execution vulnerability. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens SIMATIC WinCC, etc. are all industrial automation products of Siemens (Siemens) in Germany

Trust: 2.7

sources: NVD: CVE-2016-5743 // JVNDB: JVNDB-2016-004095 // CNVD: CNVD-2016-05346 // BID: 92112 // IVD: 649ab73e-2968-450b-b5d3-31e462571302 // VULHUB: VHN-94562

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic openpcs 7	scope:	lte	version:	8.1	Trust: 1.0
vendor:	siemens	model:	simatic wincc	scope:	lte	version:	7.3	Trust: 1.0
vendor:	siemens	model:	simatic batch	scope:	lte	version:	7.1	Trust: 1.0
vendor:	siemens	model:	simatic wincc	scope:	lte	version:	7.4	Trust: 1.0
vendor:	siemens	model:	simatic openpcs 7	scope:	lte	version:	8.2	Trust: 1.0
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.0	Trust: 0.9
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.1	Trust: 0.9
vendor:	siemens	model:	simatic pcs	scope:	eq	version:	78.2	Trust: 0.9
vendor:	siemens	model:	simatic wincc sp	scope:	eq	version:	7.03	Trust: 0.9
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.2	Trust: 0.9
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.4	Trust: 0.9
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.3	Trust: 0.9
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.4 update 1	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	7.4	Trust: 0.8
vendor:	siemens	model:	simatic pcs sp4	scope:	eq	version:	7<=7.1	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional sp update	scope:	lt	version:	v1319	Trust: 0.6
vendor:	siemens	model:	simatic wincc sp	scope:	lte	version:	<=7.02	Trust: 0.6
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.3x<7.310	Trust: 0.6
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.4x<7.41	Trust: 0.6
vendor:	siemens	model:	simatic openpcs 7	scope:	eq	version:	8.1	Trust: 0.6
vendor:	siemens	model:	simatic batch	scope:	eq	version:	7.1	Trust: 0.6
vendor:	siemens	model:	simatic openpcs 7	scope:	eq	version:	8.2	Trust: 0.6
vendor:	simatic wincc	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	simatic openpcs 7	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	siemens	model:	simatic wincc runtime professional sp1 upd2	scope:	eq	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.32	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.31	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.29	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.28	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.21	Trust: 0.3
vendor:	siemens	model:	simatic wincc upd4	scope:	eq	version:	7.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc upd11	scope:	eq	version:	7.2	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp	scope:	eq	version:	7.02	Trust: 0.3
vendor:	siemens	model:	simatic pcs sp4	scope:	eq	version:	77.1	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional sp update	scope:	ne	version:	1319	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	ne	version:	7.41	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	ne	version:	7.310	Trust: 0.3
vendor:	simatic batch	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5743
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-5743
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2016-05346
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201607-904
value:	CRITICAL
Trust: 0.6
IVD:	649ab73e-2968-450b-b5d3-31e462571302
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-94562
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-5743
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-05346
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	649ab73e-2968-450b-b5d3-31e462571302
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-94562
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5743
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-94562 // JVNDB: JVNDB-2016-004095 // NVD: CVE-2016-5743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-904

TYPE

Input validation

Trust: 0.8

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNNVD: CNNVD-201607-904

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004095

PATCH

title:	SSA-378531	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf	Trust: 0.8
title:	Patch for remote code execution vulnerability in SIMATIC WinCC/PCS 7/WinCCRuntime Professional	url:	https://www.cnvd.org.cn/patchInfo/show/79586	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63264	Trust: 0.6

sources: CNVD: CNVD-2016-05346 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5743	Trust: 3.6
db:	SIEMENS	id:	SSA-378531	Trust: 2.6
db:	ICS CERT	id:	ICSA-16-208-01	Trust: 2.2
db:	BID	id:	92112	Trust: 2.0
db:	SECTRACK	id:	1036441	Trust: 1.1
db:	CNNVD	id:	CNNVD-201607-904	Trust: 0.9
db:	CNVD	id:	CNVD-2016-05346	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004095	Trust: 0.8
db:	IVD	id:	649AB73E-2968-450B-B5D3-31E462571302	Trust: 0.2
db:	VULHUB	id:	VHN-94562	Trust: 0.1

sources: IVD: 649ab73e-2968-450b-b5d3-31e462571302 // CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

REFERENCES

url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf	Trust: 2.6
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-208-01	Trust: 2.2
url:	http://www.securityfocus.com/bid/92112	Trust: 1.1
url:	http://www.securitytracker.com/id/1036441	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5743	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5743	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2016-05346 // VULHUB: VHN-94562 // BID: 92112 // JVNDB: JVNDB-2016-004095 // CNNVD: CNNVD-201607-904 // NVD: CVE-2016-5743

CREDITS

Sergey Temnikov and Vladimir Dashchenko, Critical Infrastructure Defence Team, Kaspersky Lab.

Trust: 0.3

sources: BID: 92112

SOURCES

db:	IVD	id:	649ab73e-2968-450b-b5d3-31e462571302
db:	CNVD	id:	CNVD-2016-05346
db:	VULHUB	id:	VHN-94562
db:	BID	id:	92112
db:	JVNDB	id:	JVNDB-2016-004095
db:	CNNVD	id:	CNNVD-201607-904
db:	NVD	id:	CVE-2016-5743

LAST UPDATE DATE

2024-08-14T13:32:31.360000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05346	date:	2016-07-25T00:00:00
db:	VULHUB	id:	VHN-94562	date:	2016-11-28T00:00:00
db:	BID	id:	92112	date:	2016-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-004095	date:	2016-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201607-904	date:	2016-07-25T00:00:00
db:	NVD	id:	CVE-2016-5743	date:	2016-11-28T20:29:09.843

SOURCES RELEASE DATE

db:	IVD	id:	649ab73e-2968-450b-b5d3-31e462571302	date:	2016-07-25T00:00:00
db:	CNVD	id:	CNVD-2016-05346	date:	2016-07-25T00:00:00
db:	VULHUB	id:	VHN-94562	date:	2016-07-22T00:00:00
db:	BID	id:	92112	date:	2016-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-004095	date:	2016-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201607-904	date:	2016-07-25T00:00:00
db:	NVD	id:	CVE-2016-5743	date:	2016-07-22T15:59:00.147