Details of VAR-201705-3974

ID

VAR-201705-3974

CVE

CVE-2017-6867

TITLE

plural Siemens SIMATIC Vulnerability that can crash services in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-004058

DESCRIPTION

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a monitoring and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is the control and monitoring of the operator's visual runtime platform machines and equipment. Multiple SIMATIC WinCC Products are prone to a denial-of-service vulnerability. The following products are vulnerable: SIMATIC WinCC 7.3 versions prior to 7.3 Update 11 SIMATIC WinCC 7.4 versions prior to 7.4 SP1 SIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2 SIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1 SIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2 SIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products

Trust: 2.7

sources: NVD: CVE-2017-6867 // JVNDB: JVNDB-2017-004058 // CNVD: CNVD-2017-06154 // BID: 98368 // IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // VULHUB: VHN-115070

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.4	Trust: 1.9
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.3	Trust: 1.9
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	13	Trust: 1.6
vendor:	siemens	model:	simatic wincc runtime	scope:	eq	version:	13	Trust: 1.6
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	14	Trust: 1.6
vendor:	siemens	model:	simatic wincc runtime	scope:	eq	version:	14	Trust: 1.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	14 sp1	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	13	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.3 update 11	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	7.4 sp1	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	7.3	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime professional	scope:	lt	version:	13	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	14 sp1	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	13 sp2	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	7.4	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	14	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	13 sp2	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime professional	scope:	lt	version:	14	Trust: 0.8
vendor:	siemens	model:	simatic wincc upd	scope:	lt	version:	v7.311	Trust: 0.6
vendor:	siemens	model:	simatic wincc sp1	scope:	lt	version:	v7.4	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional sp2	scope:	lt	version:	v13	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional sp1	scope:	lt	version:	v14	Trust: 0.6
vendor:	siemens	model:	simatic wincc professional sp2	scope:	lt	version:	v13	Trust: 0.6
vendor:	siemens	model:	simatic wincc professional sp1	scope:	lt	version:	v14	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	14	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc professional	scope:	eq	version:	14	Trust: 0.3
vendor:	siemens	model:	simatic wincc professional	scope:	eq	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.32	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.310	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	eq	version:	7.31	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional sp1	scope:	ne	version:	14	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional sp2	scope:	ne	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc professional sp1	scope:	ne	version:	14	Trust: 0.3
vendor:	siemens	model:	simatic wincc professional sp2	scope:	ne	version:	13	Trust: 0.3
vendor:	siemens	model:	simatic wincc sp1	scope:	ne	version:	7.4	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	ne	version:	7.311	Trust: 0.3
vendor:	simatic wincc	model:	-	scope:	eq	version:	7.3	Trust: 0.2
vendor:	simatic wincc	model:	-	scope:	eq	version:	7.4	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	13	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	14	Trust: 0.2
vendor:	simatic wincc runtime	model:	-	scope:	eq	version:	13	Trust: 0.2
vendor:	simatic wincc runtime	model:	-	scope:	eq	version:	14	Trust: 0.2

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6867
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6867
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-06154
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-630
value:	MEDIUM
Trust: 0.6
IVD:	81c5d14f-8537-4b60-aa16-b99aec0c6e39
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-115070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6867
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-06154
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	81c5d14f-8537-4b60-aa16-b99aec0c6e39
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-115070
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6867
baseSeverity:	MEDIUM
baseScore:	4.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-787	Trust: 1.0

sources: VULHUB: VHN-115070 // JVNDB: JVNDB-2017-004058 // NVD: CVE-2017-6867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-630

TYPE

Input validation

Trust: 0.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNNVD: CNNVD-201703-630

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004058

PATCH

title:	SSA-156872	url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/176383	Trust: 0.6

sources: CNVD: CNVD-2017-06154 // JVNDB: JVNDB-2017-004058

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6867	Trust: 3.6
db:	SIEMENS	id:	SSA-156872	Trust: 2.3
db:	BID	id:	98368	Trust: 2.0
db:	SIEMENS	id:	SSA-523365	Trust: 1.1
db:	CNNVD	id:	CNNVD-201703-630	Trust: 0.9
db:	CNVD	id:	CNVD-2017-06154	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-306-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-004058	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-129-03	Trust: 0.3
db:	IVD	id:	81C5D14F-8537-4B60-AA16-B99AEC0C6E39	Trust: 0.2
db:	VULHUB	id:	VHN-115070	Trust: 0.1

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

REFERENCES

url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf	Trust: 2.3
url:	http://www.securityfocus.com/bid/98368	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6867	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-306-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6867	Trust: 0.8
url:	http://www.siemens.com/cert/en/cert-security-advisories.htm	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-129-03	Trust: 0.3

sources: CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

CREDITS

Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team

Trust: 0.3

sources: BID: 98368

SOURCES

db:	IVD	id:	81c5d14f-8537-4b60-aa16-b99aec0c6e39
db:	CNVD	id:	CNVD-2017-06154
db:	VULHUB	id:	VHN-115070
db:	BID	id:	98368
db:	JVNDB	id:	JVNDB-2017-004058
db:	CNNVD	id:	CNNVD-201703-630
db:	NVD	id:	CVE-2017-6867

LAST UPDATE DATE

2024-08-14T13:56:21.126000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-06154	date:	2019-08-22T00:00:00
db:	VULHUB	id:	VHN-115070	date:	2018-06-14T00:00:00
db:	BID	id:	98368	date:	2017-05-23T16:23:00
db:	JVNDB	id:	JVNDB-2017-004058	date:	2018-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201703-630	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-6867	date:	2018-06-14T01:29:31.133

SOURCES RELEASE DATE

db:	IVD	id:	81c5d14f-8537-4b60-aa16-b99aec0c6e39	date:	2017-05-09T00:00:00
db:	CNVD	id:	CNVD-2017-06154	date:	2017-05-09T00:00:00
db:	VULHUB	id:	VHN-115070	date:	2017-05-11T00:00:00
db:	BID	id:	98368	date:	2017-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-004058	date:	2017-06-15T00:00:00
db:	CNNVD	id:	CNNVD-201703-630	date:	2017-03-16T00:00:00
db:	NVD	id:	CVE-2017-6867	date:	2017-05-11T10:29:00.260