Details of VAR-201611-0019

ID

VAR-201611-0019

CVE

CVE-2016-8673

TITLE

Siemens SIMATIC CP 343-1 Advanced devices Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665

DESCRIPTION

A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.0.53), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variant) (All versions < V3.2.17), SIMATIC S7-300 PN/DP CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP CPU family (incl. SIPLUS variants) (All versions). The integrated web server at port 80/TCP or port 443/TCP of the affected devices could allow remote attackers to perform actions with the permissions of an authenticated user, provided the targeted user has an active session and is induced to trigger the malicious request. plural Siemens SIMATIC Product integration Web The server contains a cross-site request forgery vulnerability.A remote attacker could hijack an arbitrary user's authentication. SiemensSIMATICCP343-1Advanceddevices is an Ethernet communication module from Siemens AG to support PROFINET, the next generation of industrial bus technology-based automation bus standard. A cross-site request forgery vulnerability exists in SiemensSIMATICCP343-1Advanceddevices. A successful exploit may allow an attacker to obtain sensitive information, and perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Trust: 2.7

sources: NVD: CVE-2016-8673 // JVNDB: JVNDB-2016-005923 // CNVD: CNVD-2016-11665 // BID: 94460 // IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // VULHUB: VHN-97493

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7 300 cpu	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic cp 343-1	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic s7 400 cpu	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic cp 343-1	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cp 343-1	scope:	lt	version:	3.0.53 (advanced)	Trust: 0.8
vendor:	siemens	model:	simatic cp 443-1	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cp 443-1	scope:	eq	version:	(advanced)	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic cp advanced all	scope:	eq	version:	443-1	Trust: 0.6
vendor:	siemens	model:	simatic cp advanced	scope:	eq	version:	343-1<3.0.53	Trust: 0.6
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic s7-300 cpu	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic cp advanced	scope:	eq	version:	443-10	Trust: 0.3
vendor:	siemens	model:	simatic cp advanced	scope:	eq	version:	343-10	Trust: 0.3
vendor:	siemens	model:	simatic cp advanced	scope:	ne	version:	343-13.0.53	Trust: 0.3
vendor:	simatic s7 300 cpu	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	simatic cp 443 1	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	simatic cp 343 1	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	simatic s7 400 cpu	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8673
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8673
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-11665
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201611-531
value:	HIGH
Trust: 0.6
IVD:	be3986e8-e8db-40fd-b919-49726aae4f2e
value:	HIGH
Trust: 0.2
VULHUB:	VHN-97493
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-8673
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-11665
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	be3986e8-e8db-40fd-b919-49726aae4f2e
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-97493
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8673
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-97493 // JVNDB: JVNDB-2016-005923 // NVD: CVE-2016-8673

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-531

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201611-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005923

PATCH

title:	SSA-603476	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf	Trust: 0.8
title:	SiemensSIMATICCP343-1Advanceddevices patch for cross-site request forgery vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/84156	Trust: 0.6
title:	Multiple Siemens Repair measures for product cross-site request forgery vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65866	Trust: 0.6

sources: CNVD: CNVD-2016-11665 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8673	Trust: 3.6
db:	SIEMENS	id:	SSA-603476	Trust: 2.6
db:	ICS CERT	id:	ICSA-16-327-02	Trust: 1.7
db:	CNNVD	id:	CNNVD-201611-531	Trust: 0.9
db:	BID	id:	94460	Trust: 0.9
db:	CNVD	id:	CNVD-2016-11665	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-005923	Trust: 0.8
db:	IVD	id:	BE3986E8-E8DB-40FD-B919-49726AAE4F2E	Trust: 0.2
db:	VULHUB	id:	VHN-97493	Trust: 0.1

sources: IVD: be3986e8-e8db-40fd-b919-49726aae4f2e // CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-603476.pdf	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-327-02	Trust: 1.1
url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-603476.pdf	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8673	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8673	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-16-327-02	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2016-11665 // VULHUB: VHN-97493 // BID: 94460 // JVNDB: JVNDB-2016-005923 // CNNVD: CNNVD-201611-531 // NVD: CVE-2016-8673

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94460

SOURCES

db:	IVD	id:	be3986e8-e8db-40fd-b919-49726aae4f2e
db:	CNVD	id:	CNVD-2016-11665
db:	VULHUB	id:	VHN-97493
db:	BID	id:	94460
db:	JVNDB	id:	JVNDB-2016-005923
db:	CNNVD	id:	CNNVD-201611-531
db:	NVD	id:	CVE-2016-8673

LAST UPDATE DATE

2024-08-14T14:20:43.487000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-11665	date:	2016-11-30T00:00:00
db:	VULHUB	id:	VHN-97493	date:	2019-12-12T00:00:00
db:	BID	id:	94460	date:	2016-11-24T00:16:00
db:	JVNDB	id:	JVNDB-2016-005923	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-531	date:	2019-12-27T00:00:00
db:	NVD	id:	CVE-2016-8673	date:	2019-12-12T19:15:12.827

SOURCES RELEASE DATE

db:	IVD	id:	be3986e8-e8db-40fd-b919-49726aae4f2e	date:	2016-11-30T00:00:00
db:	CNVD	id:	CNVD-2016-11665	date:	2016-11-30T00:00:00
db:	VULHUB	id:	VHN-97493	date:	2016-11-23T00:00:00
db:	BID	id:	94460	date:	2016-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-005923	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-531	date:	2016-11-24T00:00:00
db:	NVD	id:	CVE-2016-8673	date:	2016-11-23T11:59:01.657