ID

VAR-201608-0193


CVE

CVE-2016-6486


TITLE

Siemens SINEMA Server privilege acquisition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004392

DESCRIPTION

Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the product. The executables for new system services are stored in directories for which all users have full control, allowing new executables to be swapped in for the system service executables. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. SINEMA Server is Siemens industrial network management software. It can quickly diagnose the communication status of industrial Ethernet, SCALANCE industrial switches, PROFINET, and network devices such as CP443-1, CP343-1 and ET200 (PN). The vulnerability allows authenticated system users to escalate privileges under certain conditions. Local attackers can exploit this issue to gain elevated privileges.

Trust: 3.33

sources: NVD: CVE-2016-6486 // JVNDB: JVNDB-2016-004392 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // BID: 92254 // IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // VULHUB: VHN-95306

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // CNVD: CNVD-2016-05875

AFFECTED PRODUCTS

vendor: siemens | model: sinema server | scope: - | version: -

Trust: 2.1

vendor: siemens | model: sinema server | scope: eq | version: -

Trust: 1.6

vendor: siemens | model: sinema server sp1 | scope: eq | version: v12

Trust: 0.3

vendor: siemens | model: sinema server | scope: eq | version: v12

Trust: 0.3

vendor: siemens | model: sinema server sp1 | scope: eq | version: 12.0

Trust: 0.3

vendor: siemens | model: sinema server | scope: eq | version: 12.0-

Trust: 0.3

vendor: siemens | model: sinema server | scope: eq | version: 0

Trust: 0.3

vendor: sinema server | model: - | scope: eq | version: -

Trust: 0.2

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // BID: 92254 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6486
value: HIGH

Trust: 1.0

NVD: CVE-2016-6486
value: HIGH

Trust: 0.8

ZDI: CVE-2016-6486
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-05875
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201608-182
value: HIGH

Trust: 0.6

IVD: 6111775d-5371-436c-8bcc-4bf046090b10
value: HIGH

Trust: 0.2

VULHUB: VHN-95306
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6486
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2016-05875
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6111775d-5371-436c-8bcc-4bf046090b10
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-95306
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6486
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // VULHUB: VHN-95306 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95306 // JVNDB: JVNDB-2016-004392 // NVD: CVE-2016-6486

THREAT TYPE

local

Trust: 0.9

sources: BID: 92254 // CNNVD: CNNVD-201608-182

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004392

PATCH

title: SSA-321174 | url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf

Trust: 0.8

title: Siemens has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-16-215-02

Trust: 0.7

title: Patch for Siemens SINEMA Server Privilege Escalation Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/80056

Trust: 0.6

sources: ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // JVNDB: JVNDB-2016-004392

EXTERNAL IDS

db: NVD | id: CVE-2016-6486

Trust: 4.3

db: ICS CERT | id: ICSA-16-215-02

Trust: 2.8

db: SIEMENS | id: SSA-321174

Trust: 2.3

db: ZDI | id: ZDI-16-478

Trust: 2.1

db: BID | id: 92254

Trust: 1.4

db: CNNVD | id: CNNVD-201608-182

Trust: 0.9

db: CNVD | id: CNVD-2016-05875

Trust: 0.8

db: JVNDB | id: JVNDB-2016-004392

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-3662

Trust: 0.7

db: IVD | id: 6111775D-5371-436C-8BCC-4BF046090B10

Trust: 0.2

db: VULHUB | id: VHN-95306

Trust: 0.1

sources: IVD: 6111775d-5371-436c-8bcc-4bf046090b10 // ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // VULHUB: VHN-95306 // BID: 92254 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-215-02

Trust: 3.5

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/92254

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-478

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6486

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6486

Trust: 0.8

url:http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo&lang=de&siteid=cseus&aktprim=0&extranet=standard&viewreg=ww&objid=35228013&treelang=de

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-16-478/

Trust: 0.3

sources: ZDI: ZDI-16-478 // CNVD: CNVD-2016-05875 // VULHUB: VHN-95306 // BID: 92254 // JVNDB: JVNDB-2016-004392 // CNNVD: CNNVD-201608-182 // NVD: CVE-2016-6486

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-16-478

SOURCES

db: IVD | id: 6111775d-5371-436c-8bcc-4bf046090b10
db: ZDI | id: ZDI-16-478
db: CNVD | id: CNVD-2016-05875
db: VULHUB | id: VHN-95306
db: BID | id: 92254
db: JVNDB | id: JVNDB-2016-004392
db: CNNVD | id: CNNVD-201608-182
db: NVD | id: CVE-2016-6486

LAST UPDATE DATE

2024-11-23T22:22:44.487000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-16-478 | date: 2016-08-17T00:00:00
db: CNVD | id: CNVD-2016-05875 | date: 2016-08-03T00:00:00
db: VULHUB | id: VHN-95306 | date: 2016-11-28T00:00:00
db: BID | id: 92254 | date: 2016-08-18T13:00:00
db: JVNDB | id: JVNDB-2016-004392 | date: 2016-08-19T00:00:00
db: CNNVD | id: CNNVD-201608-182 | date: 2016-08-08T00:00:00
db: NVD | id: CVE-2016-6486 | date: 2024-11-21T02:56:12.937

SOURCES RELEASE DATE

db: IVD | id: 6111775d-5371-436c-8bcc-4bf046090b10 | date: 2016-08-03T00:00:00
db: ZDI | id: ZDI-16-478 | date: 2016-08-17T00:00:00
db: CNVD | id: CNVD-2016-05875 | date: 2016-08-03T00:00:00
db: VULHUB | id: VHN-95306 | date: 2016-08-08T00:00:00
db: BID | id: 92254 | date: 2016-08-02T00:00:00
db: JVNDB | id: JVNDB-2016-004392 | date: 2016-08-19T00:00:00
db: CNNVD | id: CNNVD-201608-182 | date: 2016-08-08T00:00:00
db: NVD | id: CVE-2016-6486 | date: 2016-08-08T00:59:12.907