Sign-up

ID

VAR-201608-0193


CVE

CVE-2016-6486


TITLE

Siemens SINEMA Server privilege acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004392

DESCRIPTION

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within the configuration of the product. The executables for new system services are stored in directories for which all users have full control allowing for new executables to be swapped for the system service executables. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. SINEMA Server is Siemens Industrial Network Management Software. It can quickly diagnose the communication status of industrial Ethernet, industrial switches SCALANCE, PROFINET and CP443-1, CP343-1, ET200 (PN) and other network devices. Allow authenticated system users to escalate privileges under certain conditions. Local attackers can exploit this issue to gain elevated privileges

Trust: 3.33

sources: NVD: CVE-2016-6486 // JVNDB: JVNDB-2016-004392 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // BID: 92254 // IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // VULHUB: VHN-95306

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // CNVD: CNVD-2016-05875

AFFECTED PRODUCTS

vendor:siemensmodel:sinema serverscope: - version: -

Trust: 2.1

vendor:siemensmodel:sinema serverscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:sinema server sp1scope:eqversion:v12

Trust: 0.3

vendor:siemensmodel:sinema serverscope:eqversion:v12

Trust: 0.3

vendor:siemensmodel:sinema server sp1scope:eqversion:12.0

Trust: 0.3

vendor:siemensmodel:sinema serverscope:eqversion:12.0-

Trust: 0.3

vendor:siemensmodel:sinema serverscope:eqversion:0

Trust: 0.3

vendor:sinema servermodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // BID: 92254 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6486
value: HIGH

Trust: 1.0

NVD: CVE-2016-6486
value: HIGH

Trust: 0.8

ZDI: CVE-2016-6486
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-05875
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201608-182
value: HIGH

Trust: 0.6

IVD: 6111775d-5371-436c-8bcc-4bf046090b10
value: HIGH

Trust: 0.2

VULHUB: VHN-95306
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6486
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2016-05875
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6111775d-5371-436c-8bcc-4bf046090b10
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-95306
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6486
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // VULHUB: VHN-95306 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95306 // JVNDB: JVNDB-2016-004392 // NVD: CVE-2016-6486

THREAT TYPE

local

Trust: 0.9

sources: BID: 92254 // CNNVD: CNNVD-201608-182

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-182

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004392

PATCH
title:SSA-321174url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
Trust: 0.8
title:Siemens has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02
Trust: 0.7
title:Patch for Siemens SINEMA Server Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/80056
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-478 // 
            
            
            
            CNVD: CNVD-2016-05875 // 
            
            
            
            JVNDB: JVNDB-2016-004392

EXTERNAL IDS
db:NVDid:CVE-2016-6486
Trust: 4.3
db:ICS CERTid:ICSA-16-215-02
Trust: 2.8
db:SIEMENSid:SSA-321174
Trust: 2.3
db:ZDIid:ZDI-16-478
Trust: 2.1
db:BIDid:92254
Trust: 1.4
db:CNNVDid:CNNVD-201608-182
Trust: 0.9
db:CNVDid:CNVD-2016-05875
Trust: 0.8
db:JVNDBid:JVNDB-2016-004392
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3662
Trust: 0.7
db:IVDid:6111775D-5371-436C-8BCC-4BF046090B10
Trust: 0.2
db:VULHUBid:VHN-95306
Trust: 0.1
sources:
            
            
            IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // 
            
            
            
            ZDI: ZDI-16-478 // 
            
            
            
            CNVD: CNVD-2016-05875 // 
            
            
            
            VULHUB: VHN-95306 // 
            
            
            
            BID: 92254 // 
            
            
            
            JVNDB: JVNDB-2016-004392 // 
            
            
            
            CNNVD: CNNVD-201608-182 // 
            
            
            
            NVD: CVE-2016-6486

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-215-02
Trust: 3.5
url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
Trust: 2.3
url:http://www.securityfocus.com/bid/92254
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-478
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6486
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6486
Trust: 0.8
url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=de&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=35228013&treelang=de
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-16-478/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-478 // 
            
            
            
            CNVD: CNVD-2016-05875 // 
            
            
            
            VULHUB: VHN-95306 // 
            
            
            
            BID: 92254 // 
            
            
            
            JVNDB: JVNDB-2016-004392 // 
            
            
            
            CNNVD: CNNVD-201608-182 // 
            
            
            
            NVD: CVE-2016-6486

CREDITS
rgod
Trust: 0.7
sources:
            
            
            ZDI: ZDI-16-478

SOURCES
db:IVDid:6111775d-5371-436c-8bcc-4bf046090b10
db:ZDIid:ZDI-16-478
db:CNVDid:CNVD-2016-05875
db:VULHUBid:VHN-95306
db:BIDid:92254
db:JVNDBid:JVNDB-2016-004392
db:CNNVDid:CNNVD-201608-182
db:NVDid:CVE-2016-6486

LAST UPDATE DATE
2024-08-14T14:52:09.583000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-478date:2016-08-17T00:00:00
db:CNVDid:CNVD-2016-05875date:2016-08-03T00:00:00
db:VULHUBid:VHN-95306date:2016-11-28T00:00:00
db:BIDid:92254date:2016-08-18T13:00:00
db:JVNDBid:JVNDB-2016-004392date:2016-08-19T00:00:00
db:CNNVDid:CNNVD-201608-182date:2016-08-08T00:00:00
db:NVDid:CVE-2016-6486date:2016-11-28T20:33:19.327

SOURCES RELEASE DATE
db:IVDid:6111775d-5371-436c-8bcc-4bf046090b10date:2016-08-03T00:00:00
db:ZDIid:ZDI-16-478date:2016-08-17T00:00:00
db:CNVDid:CNVD-2016-05875date:2016-08-03T00:00:00
db:VULHUBid:VHN-95306date:2016-08-08T00:00:00
db:BIDid:92254date:2016-08-02T00:00:00
db:JVNDBid:JVNDB-2016-004392date:2016-08-19T00:00:00
db:CNNVDid:CNNVD-201608-182date:2016-08-08T00:00:00
db:NVDid:CVE-2016-6486date:2016-08-08T00:59:12.907