Details of VAR-201612-0419

ID

VAR-201612-0419

CVE

CVE-2016-9159

TITLE

SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU In PLC Vulnerability to obtain credentials from

Trust: 0.8

sources: JVNDB: JVNDB-2016-006499

DESCRIPTION

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. SIEMENS SIMATIC S7-300 PN CPU and SIMATIC S7-400 PN CPU Has a protection level on the affected system. The SIMATIC S7-300 CPUs and S7-400 CPUs are central processing unit modules for programmable controllers from Siemens AG, Germany. An information disclosure vulnerability exists in the SIMATIC S7-300 CPU and S7-400 CPU. An attacker could exploit the vulnerability to gain access to sensitive information. SIMATIC S7-300 and S7-400 CPUs are prone to remote denial-of-service and information-disclosure vulnerabilities. This vulnerability affects all listed affected products. Siemens SIMATIC S7-400 is a programmable logic controller product used in the field of manufacturing and process automation

Trust: 2.7

sources: NVD: CVE-2016-9159 // JVNDB: JVNDB-2016-006499 // CNVD: CNVD-2016-12694 // BID: 94820 // IVD: 6349d109-6ce3-4f0a-ac08-2da74b024060 // VULHUB: VHN-97979

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 6349d109-6ce3-4f0a-ac08-2da74b024060 // CNVD: CNVD-2016-12694

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic s7-300 cpu	scope:	eq	version:	-	Trust: 2.4
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	-	Trust: 2.4
vendor:	siemens	model:	simatic s7-300 cpu 312	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 314	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 315-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 315-2 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 317-2 dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 317-2 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu 319-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 412-1	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 412-2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 412-2 pn	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 414-2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 414-3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 414-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416-2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416-3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416f-2	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 416f-3 pn/dp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-400 cpu 417-4	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic s7-300 cpu	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-400 cpu	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic s7-400 cpu	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic s7-300 cpu	scope:	eq	version:	0	Trust: 0.3
vendor:	simatic s7 300 cpu	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	simatic s7 400 cpu	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 6349d109-6ce3-4f0a-ac08-2da74b024060 // CNVD: CNVD-2016-12694 // BID: 94820 // JVNDB: JVNDB-2016-006499 // CNNVD: CNNVD-201612-339 // NVD: CVE-2016-9159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9159
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9159
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-12694
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201612-339
value:	MEDIUM
Trust: 0.6
IVD:	6349d109-6ce3-4f0a-ac08-2da74b024060
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-97979
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9159
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-12694
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	6349d109-6ce3-4f0a-ac08-2da74b024060
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-97979
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9159
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 6349d109-6ce3-4f0a-ac08-2da74b024060 // CNVD: CNVD-2016-12694 // VULHUB: VHN-97979 // JVNDB: JVNDB-2016-006499 // CNNVD: CNNVD-201612-339 // NVD: CVE-2016-9159

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-97979 // JVNDB: JVNDB-2016-006499 // NVD: CVE-2016-9159

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-339

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201612-339

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006499

PATCH

title:	SSA-731239	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf	Trust: 0.8
title:	Patch for SIMATIC S7-300 and S7-400 CPU Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/86182	Trust: 0.6
title:	SIMATIC S7-300 and S7-400 CPU Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66375	Trust: 0.6

sources: CNVD: CNVD-2016-12694 // JVNDB: JVNDB-2016-006499 // CNNVD: CNNVD-201612-339

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9159	Trust: 3.6
db:	ICS CERT	id:	ICSA-16-348-05	Trust: 2.8
db:	BID	id:	94820	Trust: 2.6
db:	SIEMENS	id:	SSA-731239	Trust: 2.0
db:	SECTRACK	id:	1037434	Trust: 1.7
db:	CNNVD	id:	CNNVD-201612-339	Trust: 0.9
db:	CNVD	id:	CNVD-2016-12694	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-006499	Trust: 0.8
db:	IVD	id:	6349D109-6CE3-4F0A-AC08-2DA74B024060	Trust: 0.2
db:	VULHUB	id:	VHN-97979	Trust: 0.1

sources: IVD: 6349d109-6ce3-4f0a-ac08-2da74b024060 // CNVD: CNVD-2016-12694 // VULHUB: VHN-97979 // BID: 94820 // JVNDB: JVNDB-2016-006499 // CNNVD: CNNVD-201612-339 // NVD: CVE-2016-9159

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-348-05	Trust: 2.8
url:	http://www.securityfocus.com/bid/94820	Trust: 2.3
url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-731239.pdf	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-731239.pdf	Trust: 1.7
url:	http://www.securitytracker.com/id/1037434	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9159	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9159	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsa-16-348-05	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2016-12694 // VULHUB: VHN-97979 // BID: 94820 // JVNDB: JVNDB-2016-006499 // CNNVD: CNNVD-201612-339 // NVD: CVE-2016-9159

CREDITS

Zhu WenZhe from Beijing Acorn Network Technology Co

Trust: 0.9

sources: BID: 94820 // CNNVD: CNNVD-201612-339

SOURCES

db:	IVD	id:	6349d109-6ce3-4f0a-ac08-2da74b024060
db:	CNVD	id:	CNVD-2016-12694
db:	VULHUB	id:	VHN-97979
db:	BID	id:	94820
db:	JVNDB	id:	JVNDB-2016-006499
db:	CNNVD	id:	CNNVD-201612-339
db:	NVD	id:	CVE-2016-9159

LAST UPDATE DATE

2024-08-14T13:57:06.918000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-12694	date:	2016-12-21T00:00:00
db:	VULHUB	id:	VHN-97979	date:	2020-03-10T00:00:00
db:	BID	id:	94820	date:	2016-12-20T00:09:00
db:	JVNDB	id:	JVNDB-2016-006499	date:	2017-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201612-339	date:	2020-05-11T00:00:00
db:	NVD	id:	CVE-2016-9159	date:	2020-03-10T20:15:12.087

SOURCES RELEASE DATE

db:	IVD	id:	6349d109-6ce3-4f0a-ac08-2da74b024060	date:	2016-12-21T00:00:00
db:	CNVD	id:	CNVD-2016-12694	date:	2016-12-21T00:00:00
db:	VULHUB	id:	VHN-97979	date:	2016-12-17T00:00:00
db:	BID	id:	94820	date:	2016-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2016-006499	date:	2017-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201612-339	date:	2016-12-13T00:00:00
db:	NVD	id:	CVE-2016-9159	date:	2016-12-17T03:59:00.233