ID

VAR-201708-0476


CVE

CVE-2017-12069


TITLE

Siemens OPC UA protocol XML External entity vulnerability

Trust: 0.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363

DESCRIPTION

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information. The Siemens OPC UA protocol has an XML external entity vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system

Trust: 2.79

sources: NVD: CVE-2017-12069 // JVNDB: JVNDB-2017-008019 // CNVD: CNVD-2017-24363 // BID: 100559 // IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // VULHUB: VHN-102554 // VULMON: CVE-2017-12069

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363

AFFECTED PRODUCTS

vendor:ocpfoundationmodel:local discovery serverscope:lteversion:1.01.333.0

Trust: 1.0

vendor:siemensmodel:winccscope:lteversion:7.4

Trust: 1.0

vendor:ocpfoundationmodel:ua .netscope:lteversion:2017-03-21

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:lteversion:8.1

Trust: 1.0

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.9

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 0.9

vendor:opcmodel:local discovery serverscope:ltversion:1.03.367

Trust: 0.8

vendor:opcmodel:ua .netscope:eqversion:2017-03-21

Trust: 0.8

vendor:siemensmodel:simatic it production suitescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic net pc softwarescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic it production suite allscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic net pc-softwarescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7<=7.1

Trust: 0.6

vendor:siemensmodel:simatic wincc sp1scope:ltversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:ltversion:v13

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professional sp1scope:ltversion:v14

Trust: 0.6

vendor:ocpfoundationmodel:local discovery serverscope:eqversion:1.01.333.0

Trust: 0.6

vendor:ocpfoundationmodel:ua .netscope:eqversion:2017-03-21

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software hf1scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2 hf3scope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic it production suitescope:eqversion:0

Trust: 0.3

vendor:sapmodel:plant connectivityscope:eqversion:15.0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp1scope:neversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc sp1scope:neversion:7.4

Trust: 0.3

vendor:simatic pcs7model: - scope:eqversion:*

Trust: 0.2

vendor:winccmodel: - scope:eqversion:*

Trust: 0.2

vendor:local discovery servermodel: - scope:eqversion:*

Trust: 0.2

vendor:ua netmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363 // BID: 100559 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12069
value: HIGH

Trust: 1.0

NVD: CVE-2017-12069
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-24363
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1273
value: HIGH

Trust: 0.6

IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb
value: MEDIUM

Trust: 0.2

VULHUB: VHN-102554
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-12069
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12069
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-24363
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-102554
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12069
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363 // VULHUB: VHN-102554 // VULMON: CVE-2017-12069 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-102554 // JVNDB: JVNDB-2017-008019 // NVD: CVE-2017-12069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1273

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201708-1273

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008019

PATCH

title:Security Update for the OPC UA .NET Sample Codeurl:https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf

Trust: 0.8

title:SSA-535640url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf

Trust: 0.8

title:Patch for Siemens OPC UA Protocol XML External Entity Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/176381

Trust: 0.6

title:Multiple Siemens product OPC Foundation UA .NET Sample Code and Local Discovery Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74833

Trust: 0.6

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0561e5e7e515f186e8a5589cf02f38a8

Trust: 0.1

sources: CNVD: CNVD-2017-24363 // VULMON: CVE-2017-12069 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273

EXTERNAL IDS

db:NVDid:CVE-2017-12069

Trust: 3.7

db:SIEMENSid:SSA-535640

Trust: 1.8

db:ICS CERTid:ICSA-17-243-01

Trust: 1.6

db:BIDid:100559

Trust: 1.5

db:SECTRACKid:1039510

Trust: 1.2

db:CNNVDid:CNNVD-201708-1273

Trust: 0.9

db:CNVDid:CNVD-2017-24363

Trust: 0.8

db:ICS CERTid:ICSA-17-243-01B

Trust: 0.8

db:JVNDBid:JVNDB-2017-008019

Trust: 0.8

db:IVDid:E3C681F4-90BE-4763-9EA0-9BF8B55433BB

Trust: 0.2

db:VULHUBid:VHN-102554

Trust: 0.1

db:VULMONid:CVE-2017-12069

Trust: 0.1

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363 // VULHUB: VHN-102554 // VULMON: CVE-2017-12069 // BID: 100559 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

REFERENCES

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf

Trust: 1.8

url:https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf

Trust: 1.5

url:http://www.securityfocus.com/bid/100559

Trust: 1.2

url:http://www.securitytracker.com/id/1039510

Trust: 1.2

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-01

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12069

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-01b

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12069

Trust: 0.8

url:https://support.industry.siemens.com/cs/ww/en/view/109746038

Trust: 0.6

url:https://support.industry.siemens.com/cs/ww/en/view/109746276

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-17-243-01-0

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=500633095

Trust: 0.3

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499356993

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=55504

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsa-17-243-01-0

Trust: 0.1

sources: CNVD: CNVD-2017-24363 // VULHUB: VHN-102554 // VULMON: CVE-2017-12069 // BID: 100559 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

CREDITS

Sergey Temnikov of Kaspersky Lab.

Trust: 0.3

sources: BID: 100559

SOURCES

db:IVDid:e3c681f4-90be-4763-9ea0-9bf8b55433bb
db:CNVDid:CNVD-2017-24363
db:VULHUBid:VHN-102554
db:VULMONid:CVE-2017-12069
db:BIDid:100559
db:JVNDBid:JVNDB-2017-008019
db:CNNVDid:CNNVD-201708-1273
db:NVDid:CVE-2017-12069

LAST UPDATE DATE

2024-08-14T14:57:37.273000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-24363date:2019-08-28T00:00:00
db:VULHUBid:VHN-102554date:2017-10-06T00:00:00
db:VULMONid:CVE-2017-12069date:2017-10-06T00:00:00
db:BIDid:100559date:2018-10-12T04:00:00
db:JVNDBid:JVNDB-2017-008019date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201708-1273date:2020-08-12T00:00:00
db:NVDid:CVE-2017-12069date:2017-10-06T01:29:00.443

SOURCES RELEASE DATE

db:IVDid:e3c681f4-90be-4763-9ea0-9bf8b55433bbdate:2017-09-02T00:00:00
db:CNVDid:CNVD-2017-24363date:2017-09-01T00:00:00
db:VULHUBid:VHN-102554date:2017-08-30T00:00:00
db:VULMONid:CVE-2017-12069date:2017-08-30T00:00:00
db:BIDid:100559date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-008019date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201708-1273date:2017-08-30T00:00:00
db:NVDid:CVE-2017-12069date:2017-08-30T19:29:00.210