ID

VAR-201612-0420


CVE

CVE-2016-9160


TITLE

SIEMENS SIMATIC WinCC and SIEMENS SIMATIC PCS 7 In ActiveX Vulnerability that can crash components

Trust: 0.8

sources: JVNDB: JVNDB-2016-006500

DESCRIPTION

A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC V7.2) and SIEMENS SIMATIC PCS 7 (All versions < SIMATIC PCS 7 V8.0 SP1) could allow a remote attacker to crash an ActiveX component or leak parts of the application memory if a user is tricked into clicking on a malicious link under certain conditions. Siemens SIMATIC WinCC and SIMATIC PCS 7 are industrial automation products from Siemens AG, Germany. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security bypass vulnerability exists in versions prior to SIMATIC WinCC 7.2 and in versions prior to SIMATIC PCS 7 8.0 SP1. An attacker could exploit this vulnerability to execute ActiveX components. Attackers can exploit this issue to obtain sensitive information or cause denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2016-9160 // JVNDB: JVNDB-2016-006500 // CNVD: CNVD-2016-12696 // BID: 94825 // IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8 // VULHUB: VHN-97980

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8 // CNVD: CNVD-2016-12696

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs 7scope:lteversion:8.0

Trust: 1.0

vendor:siemensmodel:simatic winccscope:lteversion:7.1

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope:ltversion:8.0 sp1

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:7.2

Trust: 0.8

vendor:siemensmodel:winccscope:ltversion:7.2

Trust: 0.6

vendor:siemensmodel:simatic pcs sp1scope:eqversion:7<8.0

Trust: 0.6

vendor:siemensmodel:simatic pcs 7scope:eqversion:8.0

Trust: 0.6

vendor:siemensmodel:simatic winccscope:eqversion:7.1

Trust: 0.6

vendor:siemensmodel:simatic wincc sp3 updscope:eqversion:7.08

Trust: 0.3

vendor:siemensmodel:simatic wincc sp3scope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic wincc sp2 updscope:eqversion:7.012

Trust: 0.3

vendor:siemensmodel:simatic wincc sp2scope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic wincc spscope:eqversion:7.03

Trust: 0.3

vendor:siemensmodel:simatic wincc spscope:eqversion:7.02

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:6.2

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78

Trust: 0.3

vendor:siemensmodel:simatic pcs sp4scope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77

Trust: 0.3

vendor:siemensmodel:simatic winccscope:neversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic pcs sp1scope:neversion:78.0

Trust: 0.3

vendor:simatic pcs 7model: - scope:eqversion:*

Trust: 0.2

vendor:simatic winccmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8 // CNVD: CNVD-2016-12696 // BID: 94825 // JVNDB: JVNDB-2016-006500 // CNNVD: CNNVD-201612-334 // NVD: CVE-2016-9160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9160
value: HIGH

Trust: 1.0

NVD: CVE-2016-9160
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-12696
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-334
value: MEDIUM

Trust: 0.6

IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8
value: MEDIUM

Trust: 0.2

VULHUB: VHN-97980
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9160
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12696
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-97980
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9160
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8 // CNVD: CNVD-2016-12696 // VULHUB: VHN-97980 // JVNDB: JVNDB-2016-006500 // CNNVD: CNNVD-201612-334 // NVD: CVE-2016-9160

PROBLEMTYPE DATA

problemtype:CWE-254

Trust: 1.9

problemtype:CWE-111

Trust: 1.0

sources: VULHUB: VHN-97980 // JVNDB: JVNDB-2016-006500 // NVD: CVE-2016-9160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-334

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006500

PATCH

title:SSA-693129url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf

Trust: 0.8

title:Patch for security bypass bugs in SIMATIC WinCC and SIMATIC PCS 7 ActiveX controlsurl:https://www.cnvd.org.cn/patchInfo/show/86164

Trust: 0.6

title:SIMATIC WinCC and SIMATIC PCS 7 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66299

Trust: 0.6

sources: CNVD: CNVD-2016-12696 // JVNDB: JVNDB-2016-006500 // CNNVD: CNNVD-201612-334

EXTERNAL IDS

db:NVDid:CVE-2016-9160

Trust: 3.6

db:BIDid:94825

Trust: 2.6

db:ICS CERTid:ICSA-16-348-04

Trust: 2.2

db:SIEMENSid:SSA-693129

Trust: 2.0

db:SECTRACKid:1037435

Trust: 1.1

db:CNNVDid:CNNVD-201612-334

Trust: 0.9

db:CNVDid:CNVD-2016-12696

Trust: 0.8

db:JVNDBid:JVNDB-2016-006500

Trust: 0.8

db:IVDid:F04157CB-EDF5-490C-9E17-39C08EA58FA8

Trust: 0.2

db:VULHUBid:VHN-97980

Trust: 0.1

sources: IVD: f04157cb-edf5-490c-9e17-39c08ea58fa8 // CNVD: CNVD-2016-12696 // VULHUB: VHN-97980 // BID: 94825 // JVNDB: JVNDB-2016-006500 // CNNVD: CNNVD-201612-334 // NVD: CVE-2016-9160

REFERENCES

url:http://www.securityfocus.com/bid/94825

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-16-348-04

Trust: 2.2

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-693129.pdf

Trust: 2.0

url:http://www.securitytracker.com/id/1037435

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9160

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9160

Trust: 0.8

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2016-12696 // VULHUB: VHN-97980 // BID: 94825 // JVNDB: JVNDB-2016-006500 // CNNVD: CNNVD-201612-334 // NVD: CVE-2016-9160

CREDITS

Mingzheng Li from Acorn Network Security Lab

Trust: 0.9

sources: BID: 94825 // CNNVD: CNNVD-201612-334

SOURCES

db:IVDid:f04157cb-edf5-490c-9e17-39c08ea58fa8
db:CNVDid:CNVD-2016-12696
db:VULHUBid:VHN-97980
db:BIDid:94825
db:JVNDBid:JVNDB-2016-006500
db:CNNVDid:CNNVD-201612-334
db:NVDid:CVE-2016-9160

LAST UPDATE DATE

2024-08-14T14:39:56.316000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-12696date:2016-12-21T00:00:00
db:VULHUBid:VHN-97980date:2017-07-27T00:00:00
db:BIDid:94825date:2016-12-20T01:09:00
db:JVNDBid:JVNDB-2016-006500date:2017-01-05T00:00:00
db:CNNVDid:CNNVD-201612-334date:2016-12-19T00:00:00
db:NVDid:CVE-2016-9160date:2017-07-27T01:29:06.773

SOURCES RELEASE DATE

db:IVDid:f04157cb-edf5-490c-9e17-39c08ea58fa8date:2016-12-21T00:00:00
db:CNVDid:CNVD-2016-12696date:2016-12-21T00:00:00
db:VULHUBid:VHN-97980date:2016-12-17T00:00:00
db:BIDid:94825date:2016-12-09T00:00:00
db:JVNDBid:JVNDB-2016-006500date:2017-01-05T00:00:00
db:CNNVDid:CNNVD-201612-334date:2016-12-13T00:00:00
db:NVDid:CVE-2016-9160date:2016-12-17T03:59:00.263