ID

VAR-201702-0669


CVE

CVE-2017-2684


TITLE

Siemens SIMATIC Logon Vulnerabilities that bypass application-level authentication

Trust: 0.8

sources: JVNDB: JVNDB-2017-002227

DESCRIPTION

Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication. SIMATIC WinCC, SIMATIC PCS 7, SIMATIC PDM and SIMATIC IT are all industrial automation products from Siemens AG. There is a certification bypass vulnerability in SIEMENS SIMATIC Logon. An attacker could exploit the vulnerability to bypass authentication mechanisms and perform unauthorized operations. This may aid in further attacks. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. A security vulnerability exists in versions prior to SIMATIC Logon 1.5 SP3 Update 2 in several Siemens SIMATIC products. The following products and versions are affected: Siemens SIMATIC WinCC Version 7.x; SIMATIC WinCC Runtime Professional; SIMATIC PCS 7; SIMATIC PDM; SIMATIC IT

Trust: 2.7

sources: NVD: CVE-2017-2684 // JVNDB: JVNDB-2017-002227 // CNVD: CNVD-2017-01343 // BID: 96208 // IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // VULHUB: VHN-110887

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343

AFFECTED PRODUCTS

vendor:siemensmodel:simatic logonscope:lteversion:1.5

Trust: 1.0

vendor:siemensmodel:simatic logonscope:ltversion:1.5 sp3 update 2

Trust: 0.8

vendor:siemensmodel:simatic winccscope:eqversion:7.x

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7

Trust: 0.6

vendor:siemensmodel:simatic pdmscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic itscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic logonscope:eqversion:1.5

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.41

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.32

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.310

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.31

Trust: 0.3

vendor:siemensmodel:simatic wincc upd4scope:eqversion:7.3

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.29

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.28

Trust: 0.3

vendor:siemensmodel:simatic wincc updatescope:eqversion:7.21

Trust: 0.3

vendor:siemensmodel:simatic wincc upd4scope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic wincc upd11scope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.3

vendor:siemensmodel:simatic wincc sp3 updscope:eqversion:7.08

Trust: 0.3

vendor:siemensmodel:simatic wincc sp3scope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic wincc sp2 updscope:eqversion:7.012

Trust: 0.3

vendor:siemensmodel:simatic wincc sp2scope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic wincc spscope:eqversion:7.03

Trust: 0.3

vendor:siemensmodel:simatic wincc spscope:eqversion:7.02

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.3

vendor:siemensmodel:simatic pdmscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.2

Trust: 0.3

vendor:siemensmodel:simatic pcs sp1scope:eqversion:78.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.3

vendor:siemensmodel:simatic pcs sp1scope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:78

Trust: 0.3

vendor:siemensmodel:simatic pcs sp4scope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77

Trust: 0.3

vendor:siemensmodel:simatic logonscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic itscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic logon sp3 updatescope:neversion:1.52

Trust: 0.3

vendor:simatic logonmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // BID: 96208 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612 // NVD: CVE-2017-2684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2684
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2684
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-01343
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201702-612
value: CRITICAL

Trust: 0.6

IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945
value: CRITICAL

Trust: 0.2

VULHUB: VHN-110887
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2684
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01343
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-110887
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2684
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612 // NVD: CVE-2017-2684

PROBLEMTYPE DATA

problemtype:CWE-592

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-110887 // JVNDB: JVNDB-2017-002227 // NVD: CVE-2017-2684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-612

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-612

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002227

PATCH

title:SSA-931064url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Trust: 0.8

title:Patch for SIEMENS SIMATIC Logon Certification Bypass Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/176385

Trust: 0.6

title:Multiple Siemens SIMATIC Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68203

Trust: 0.6

sources: CNVD: CNVD-2017-01343 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612

EXTERNAL IDS

db:NVDid:CVE-2017-2684

Trust: 3.6

db:SIEMENSid:SSA-931064

Trust: 2.3

db:BIDid:96208

Trust: 2.0

db:ICS CERTid:ICSA-17-045-03

Trust: 1.1

db:CNNVDid:CNNVD-201702-612

Trust: 0.9

db:CNVDid:CNVD-2017-01343

Trust: 0.8

db:JVNDBid:JVNDB-2017-002227

Trust: 0.8

db:IVDid:9BC72032-E004-41AC-BCE6-0E6FF85B8945

Trust: 0.2

db:VULHUBid:VHN-110887

Trust: 0.1

sources: IVD: 9bc72032-e004-41ac-bce6-0e6ff85b8945 // CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // BID: 96208 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612 // NVD: CVE-2017-2684

REFERENCES

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/96208

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-17-045-03

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2684

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2684

Trust: 0.8

url:http://www.siemens.com/cert/en/cert-security-advisories.htm

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2017-01343 // VULHUB: VHN-110887 // BID: 96208 // JVNDB: JVNDB-2017-002227 // CNNVD: CNNVD-201702-612 // NVD: CVE-2017-2684

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 96208

SOURCES

db:IVDid:9bc72032-e004-41ac-bce6-0e6ff85b8945
db:CNVDid:CNVD-2017-01343
db:VULHUBid:VHN-110887
db:BIDid:96208
db:JVNDBid:JVNDB-2017-002227
db:CNNVDid:CNNVD-201702-612
db:NVDid:CVE-2017-2684

LAST UPDATE DATE

2024-08-14T14:05:55.036000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-01343date:2019-08-22T00:00:00
db:VULHUBid:VHN-110887date:2019-10-09T00:00:00
db:BIDid:96208date:2017-03-07T04:02:00
db:JVNDBid:JVNDB-2017-002227date:2017-09-11T00:00:00
db:CNNVDid:CNNVD-201702-612date:2019-10-17T00:00:00
db:NVDid:CVE-2017-2684date:2019-10-09T23:27:06.587

SOURCES RELEASE DATE

db:IVDid:9bc72032-e004-41ac-bce6-0e6ff85b8945date:2017-02-14T00:00:00
db:CNVDid:CNVD-2017-01343date:2017-02-14T00:00:00
db:VULHUBid:VHN-110887date:2017-02-22T00:00:00
db:BIDid:96208date:2017-02-14T00:00:00
db:JVNDBid:JVNDB-2017-002227date:2017-04-05T00:00:00
db:CNNVDid:CNNVD-201702-612date:2017-02-20T00:00:00
db:NVDid:CVE-2017-2684date:2017-02-22T02:59:00.153