ID

VAR-201611-0019


CVE

CVE-2016-8673


TITLE

Siemens SIMATIC CP 343-1 Advanced devices Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user's authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. A successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Trust: 2.7

sources: NVD: CVE-2016-8673 // JVNDB: JVNDB-2016-005923 // CNVD: CNVD-2016-11665 // BID: 94460 // IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // VULHUB: VHN-97493

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665

AFFECTED PRODUCTS

vendor:siemensmodel:simatic s7 300 cpuscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic cp 443-1scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic cp 343-1scope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic s7 400 cpuscope:eqversion: -

Trust: 1.6

vendor:siemensmodel:simatic cp 343-1scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 343-1scope:ltversion:3.0.53 (advanced)

Trust: 0.8

vendor:siemensmodel:simatic cp 443-1scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic cp 443-1scope:eqversion:(advanced)

Trust: 0.8

vendor:siemensmodel:simatic s7-300 cpuscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-300 cpuscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400 cpuscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion: -

Trust: 0.8

vendor:siemensmodel:simatic cp advanced allscope:eqversion:443-1

Trust: 0.6

vendor:siemensmodel:simatic cp advancedscope:eqversion:343-1<3.0.53

Trust: 0.6

vendor:siemensmodel:simatic s7-400 cpuscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic s7-300 cpuscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic cp advancedscope:eqversion:443-10

Trust: 0.3

vendor:siemensmodel:simatic cp advancedscope:eqversion:343-10

Trust: 0.3

vendor:siemensmodel:simatic cp advancedscope:neversion:343-13.0.53

Trust: 0.3

vendor:simatic s7 300 cpumodel: - scope:eqversion: -

Trust: 0.2

vendor:simatic cp 443 1model: - scope:eqversion: -

Trust: 0.2

vendor:simatic cp 343 1model: - scope:eqversion: -

Trust: 0.2

vendor:simatic s7 400 cpumodel: - scope:eqversion: -

Trust: 0.2

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8673
value: HIGH

Trust: 1.0

NVD: CVE-2016-8673
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11665
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201611-531
value: HIGH

Trust: 0.6

IVD: be3986e8-e8db-40fd-b919-49726aae4f2e
value: HIGH

Trust: 0.2

VULHUB: VHN-97493
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8673
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11665
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: be3986e8-e8db-40fd-b919-49726aae4f2e
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-97493
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8673
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-97493 // JVNDB: JVNDB-2016-005923 // NVD: CVE-2016-8673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-531

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201611-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005923

PATCH

title:SSA-603476url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf

Trust: 0.8

title:SiemensSIMATICCP343-1Advanceddevices patch for cross-site request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/84156

Trust: 0.6

title:Multiple Siemens Repair measures for product cross-site request forgery vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65866

Trust: 0.6

sources: CNVD: CNVD-2016-11665 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531

EXTERNAL IDS

db:NVDid:CVE-2016-8673

Trust: 3.6

db:SIEMENSid:SSA-603476

Trust: 2.6

db:ICS CERTid:ICSA-16-327-02

Trust: 1.7

db:CNNVDid:CNNVD-201611-531

Trust: 0.9

db:BIDid:94460

Trust: 0.9

db:CNVDid:CNVD-2016-11665

Trust: 0.8

db:JVNDBid:JVNDB-2016-005923

Trust: 0.8

db:IVDid:BE3986E8-E8DB-40FD-B919-49726AAE4F2E

Trust: 0.2

db:VULHUBid:VHN-97493

Trust: 0.1

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-16-327-02

Trust: 1.1

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8673

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8673

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-16-327-02

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94460

SOURCES

db:IVDid:be3986e8-e8db-40fd-b919-49726aae4f2e
db:CNVDid:CNVD-2016-11665
db:VULHUBid:VHN-97493
db:BIDid:94460
db:JVNDBid:JVNDB-2016-005923
db:CNNVDid:CNNVD-201611-531
db:NVDid:CVE-2016-8673

LAST UPDATE DATE

2024-08-14T14:20:43.487000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11665date:2016-11-30T00:00:00
db:VULHUBid:VHN-97493date:2019-12-12T00:00:00
db:BIDid:94460date:2016-11-24T00:16:00
db:JVNDBid:JVNDB-2016-005923date:2016-11-24T00:00:00
db:CNNVDid:CNNVD-201611-531date:2019-12-27T00:00:00
db:NVDid:CVE-2016-8673date:2019-12-12T19:15:12.827

SOURCES RELEASE DATE

db:IVDid:be3986e8-e8db-40fd-b919-49726aae4f2edate:2016-11-30T00:00:00
db:CNVDid:CNVD-2016-11665date:2016-11-30T00:00:00
db:VULHUBid:VHN-97493date:2016-11-23T00:00:00
db:BIDid:94460date:2016-11-21T00:00:00
db:JVNDBid:JVNDB-2016-005923date:2016-11-24T00:00:00
db:CNNVDid:CNNVD-201611-531date:2016-11-24T00:00:00
db:NVDid:CVE-2016-8673date:2016-11-23T11:59:01.657