ID

VAR-201705-3974


CVE

CVE-2017-6867


TITLE

Vulnerability in multiple Siemens SIMATIC products that can crash services

Trust: 0.8

sources: JVNDB: JVNDB-2017-004058

DESCRIPTION

A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), and SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is a member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional are industrial automation products from Siemens AG. SIMATIC WinCC is a supervisory control and data acquisition (SCADA) system. SIMATIC WinCC Runtime Professional is a visualization runtime platform for operator control and monitoring of machines and equipment.

Multiple SIMATIC WinCC products are prone to a denial-of-service vulnerability. The following products are vulnerable: SIMATIC WinCC 7.3 versions prior to 7.3 Update 11; SIMATIC WinCC 7.4 versions prior to 7.4 SP1; SIMATIC WinCC Runtime Professional 13 versions prior to 13 SP2; SIMATIC WinCC Runtime Professional 14 versions prior to 14 SP1; SIMATIC WinCC (TIA Portal) Professional 13 versions prior to 13 SP2; SIMATIC WinCC (TIA Portal) Professional 14 versions prior to 14 SP1.

Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC. Security vulnerabilities exist in several Siemens products

Trust: 2.7

sources: NVD: CVE-2017-6867 // JVNDB: JVNDB-2017-004058 // CNVD: CNVD-2017-06154 // BID: 98368 // IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // VULHUB: VHN-115070

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc, scope: eq, version: 7.4

Trust: 1.9

vendor: siemens, model: simatic wincc, scope: eq, version: 7.3

Trust: 1.9

vendor: siemens, model: simatic wincc \, scope: eq, version: 13

Trust: 1.6

vendor: siemens, model: simatic wincc runtime, scope: eq, version: 13

Trust: 1.6

vendor: siemens, model: simatic wincc \, scope: eq, version: 14

Trust: 1.6

vendor: siemens, model: simatic wincc runtime, scope: eq, version: 14

Trust: 1.6

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 14 sp1

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: 13

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: eq, version: 7.3 update 11

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: eq, version: 7.4 sp1

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: 7.3

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: lt, version: 13

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: eq, version: 14 sp1

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 13 sp2

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: 7.4

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: 14

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: eq, version: 13 sp2

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: lt, version: 14

Trust: 0.8

vendor: siemens, model: simatic wincc upd, scope: lt, version: v7.311

Trust: 0.6

vendor: siemens, model: simatic wincc sp1, scope: lt, version: v7.4

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional sp2, scope: lt, version: v13

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional sp1, scope: lt, version: v14

Trust: 0.6

vendor: siemens, model: simatic wincc professional sp2, scope: lt, version: v13

Trust: 0.6

vendor: siemens, model: simatic wincc professional sp1, scope: lt, version: v14

Trust: 0.6

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 14

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc professional, scope: eq, version: 14

Trust: 0.3

vendor: siemens, model: simatic wincc professional, scope: eq, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.32

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.310

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: eq, version: 7.31

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional sp1, scope: ne, version: 14

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional sp2, scope: ne, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc professional sp1, scope: ne, version: 14

Trust: 0.3

vendor: siemens, model: simatic wincc professional sp2, scope: ne, version: 13

Trust: 0.3

vendor: siemens, model: simatic wincc sp1, scope: ne, version: 7.4

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: ne, version: 7.311

Trust: 0.3

vendor: simatic wincc, model: -, scope: eq, version: 7.3

Trust: 0.2

vendor: simatic wincc, model: -, scope: eq, version: 7.4

Trust: 0.2

vendor: simatic wincc tia portal, model: -, scope: eq, version: 13

Trust: 0.2

vendor: simatic wincc tia portal, model: -, scope: eq, version: 14

Trust: 0.2

vendor: simatic wincc runtime, model: -, scope: eq, version: 13

Trust: 0.2

vendor: simatic wincc runtime, model: -, scope: eq, version: 14

Trust: 0.2

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6867
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6867
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06154
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-630
value: MEDIUM

Trust: 0.6

IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39
value: MEDIUM

Trust: 0.2

VULHUB: VHN-115070
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6867
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06154
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-115070
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6867
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-787

Trust: 1.0

sources: VULHUB: VHN-115070 // JVNDB: JVNDB-2017-004058 // NVD: CVE-2017-6867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-630

TYPE

Input validation

Trust: 0.8

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNNVD: CNNVD-201703-630

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004058

PATCH

title: SSA-156872, url: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

Trust: 0.8

title: Patch for Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional Denial of Service Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/176383

Trust: 0.6

sources: CNVD: CNVD-2017-06154 // JVNDB: JVNDB-2017-004058

EXTERNAL IDS

db: NVD, id: CVE-2017-6867

Trust: 3.6

db: SIEMENS, id: SSA-156872

Trust: 2.3

db: BID, id: 98368

Trust: 2.0

db: SIEMENS, id: SSA-523365

Trust: 1.1

db: CNNVD, id: CNNVD-201703-630

Trust: 0.9

db: CNVD, id: CNVD-2017-06154

Trust: 0.8

db: ICS CERT, id: ICSA-17-306-01

Trust: 0.8

db: JVNDB, id: JVNDB-2017-004058

Trust: 0.8

db: ICS CERT, id: ICSA-17-129-03

Trust: 0.3

db: IVD, id: 81C5D14F-8537-4B60-AA16-B99AEC0C6E39

Trust: 0.2

db: VULHUB, id: VHN-115070

Trust: 0.1

sources: IVD: 81c5d14f-8537-4b60-aa16-b99aec0c6e39 // CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

REFERENCES

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-156872.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/98368

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-523365.pdf

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6867

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-306-01

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6867

Trust: 0.8

url:http://www.siemens.com/cert/en/cert-security-advisories.htm

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-129-03

Trust: 0.3

sources: CNVD: CNVD-2017-06154 // VULHUB: VHN-115070 // BID: 98368 // JVNDB: JVNDB-2017-004058 // CNNVD: CNNVD-201703-630 // NVD: CVE-2017-6867

CREDITS

Sergey Temnikov and Vladimir Dashchenko of the Kaspersky Lab Critical Infrastructure Defense Team

Trust: 0.3

sources: BID: 98368

SOURCES

db: IVD, id: 81c5d14f-8537-4b60-aa16-b99aec0c6e39
db: CNVD, id: CNVD-2017-06154
db: VULHUB, id: VHN-115070
db: BID, id: 98368
db: JVNDB, id: JVNDB-2017-004058
db: CNNVD, id: CNNVD-201703-630
db: NVD, id: CVE-2017-6867

LAST UPDATE DATE

2024-08-14T13:56:21.126000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-06154, date: 2019-08-22T00:00:00
db: VULHUB, id: VHN-115070, date: 2018-06-14T00:00:00
db: BID, id: 98368, date: 2017-05-23T16:23:00
db: JVNDB, id: JVNDB-2017-004058, date: 2018-06-13T00:00:00
db: CNNVD, id: CNNVD-201703-630, date: 2017-05-31T00:00:00
db: NVD, id: CVE-2017-6867, date: 2018-06-14T01:29:31.133

SOURCES RELEASE DATE

db: IVD, id: 81c5d14f-8537-4b60-aa16-b99aec0c6e39, date: 2017-05-09T00:00:00
db: CNVD, id: CNVD-2017-06154, date: 2017-05-09T00:00:00
db: VULHUB, id: VHN-115070, date: 2017-05-11T00:00:00
db: BID, id: 98368, date: 2017-05-09T00:00:00
db: JVNDB, id: JVNDB-2017-004058, date: 2017-06-15T00:00:00
db: CNNVD, id: CNNVD-201703-630, date: 2017-03-16T00:00:00
db: NVD, id: CVE-2017-6867, date: 2017-05-11T10:29:00.260