Sign-up

ID

VAR-201708-0476


CVE

CVE-2017-12069


TITLE

Siemens OPC UA protocol XML External entity vulnerability

Trust: 0.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363

DESCRIPTION

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. Siemens industrial products are based on the OPC UAP protocol based on OPC to discover and configure LAN device information. The Siemens OPC UA protocol has an XML external entity vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Siemens SIMATIC PCS and so on are all products of German Siemens (Siemens). Siemens SIMATIC PCS is a process control system. SIMATIC WinCC is a set of automatic data acquisition and monitoring (SCADA) system

Trust: 2.79

sources: NVD: CVE-2017-12069 // JVNDB: JVNDB-2017-008019 // CNVD: CNVD-2017-24363 // BID: 100559 // IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // VULHUB: VHN-102554 // VULMON: CVE-2017-12069

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363

AFFECTED PRODUCTS

vendor:ocpfoundationmodel:local discovery serverscope:lteversion:1.01.333.0

Trust: 1.0

vendor:siemensmodel:winccscope:lteversion:7.4

Trust: 1.0

vendor:ocpfoundationmodel:ua .netscope:lteversion:2017-03-21

Trust: 1.0

vendor:siemensmodel:simatic pcs7scope:lteversion:8.1

Trust: 1.0

vendor:siemensmodel:simatic pcsscope:eqversion:78.0

Trust: 0.9

vendor:siemensmodel:simatic pcsscope:eqversion:78.1

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.0

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.2

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 0.9

vendor:opcmodel:local discovery serverscope:ltversion:1.03.367

Trust: 0.8

vendor:opcmodel:ua .netscope:eqversion:2017-03-21

Trust: 0.8

vendor:siemensmodel:simatic it production suitescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic net pc softwarescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime professionalscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic it production suite allscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic net pc-softwarescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7<=7.1

Trust: 0.6

vendor:siemensmodel:simatic wincc sp1scope:ltversion:v7.4

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:ltversion:v13

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professional sp1scope:ltversion:v14

Trust: 0.6

vendor:ocpfoundationmodel:local discovery serverscope:eqversion:1.01.333.0

Trust: 0.6

vendor:ocpfoundationmodel:ua .netscope:eqversion:2017-03-21

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professionalscope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:7.4

Trust: 0.3

vendor:siemensmodel:simatic pcsscope:eqversion:77.1

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:14

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software hf1scope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:13

Trust: 0.3

vendor:siemensmodel:simatic net pc-software sp2 hf3scope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic net pc-softwarescope:eqversion:12

Trust: 0.3

vendor:siemensmodel:simatic it production suitescope:eqversion:0

Trust: 0.3

vendor:sapmodel:plant connectivityscope:eqversion:15.0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime professional sp1scope:neversion:14

Trust: 0.3

vendor:siemensmodel:simatic wincc sp1scope:neversion:7.4

Trust: 0.3

vendor:simatic pcs7model: - scope:eqversion:*

Trust: 0.2

vendor:winccmodel: - scope:eqversion:*

Trust: 0.2

vendor:local discovery servermodel: - scope:eqversion:*

Trust: 0.2

vendor:ua netmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363 // BID: 100559 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12069
value: HIGH

Trust: 1.0

NVD: CVE-2017-12069
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-24363
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1273
value: HIGH

Trust: 0.6

IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb
value: MEDIUM

Trust: 0.2

VULHUB: VHN-102554
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-12069
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12069
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-24363
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-102554
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12069
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // CNVD: CNVD-2017-24363 // VULHUB: VHN-102554 // VULMON: CVE-2017-12069 // JVNDB: JVNDB-2017-008019 // CNNVD: CNNVD-201708-1273 // NVD: CVE-2017-12069

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-102554 // JVNDB: JVNDB-2017-008019 // NVD: CVE-2017-12069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1273

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201708-1273

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008019

PATCH
title:Security Update for the OPC UA .NET Sample Codeurl:https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12069.pdf
Trust: 0.8
title:SSA-535640url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf
Trust: 0.8
title:Patch for Siemens OPC UA Protocol XML External Entity Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/176381
Trust: 0.6
title:Multiple Siemens product OPC Foundation UA .NET Sample Code  and Local Discovery Server Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74833
Trust: 0.6
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0561e5e7e515f186e8a5589cf02f38a8
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24363 // 
            
            
            
            VULMON: CVE-2017-12069 // 
            
            
            
            JVNDB: JVNDB-2017-008019 // 
            
            
            
            CNNVD: CNNVD-201708-1273

EXTERNAL IDS
db:NVDid:CVE-2017-12069
Trust: 3.7
db:SIEMENSid:SSA-535640
Trust: 1.8
db:ICS CERTid:ICSA-17-243-01
Trust: 1.6
db:BIDid:100559
Trust: 1.5
db:SECTRACKid:1039510
Trust: 1.2
db:CNNVDid:CNNVD-201708-1273
Trust: 0.9
db:CNVDid:CNVD-2017-24363
Trust: 0.8
db:ICS CERTid:ICSA-17-243-01B
Trust: 0.8
db:JVNDBid:JVNDB-2017-008019
Trust: 0.8
db:IVDid:E3C681F4-90BE-4763-9EA0-9BF8B55433BB
Trust: 0.2
db:VULHUBid:VHN-102554
Trust: 0.1
db:VULMONid:CVE-2017-12069
Trust: 0.1
sources:
            
            
            IVD: e3c681f4-90be-4763-9ea0-9bf8b55433bb // 
            
            
            
            CNVD: CNVD-2017-24363 // 
            
            
            
            VULHUB: VHN-102554 // 
            
            
            
            VULMON: CVE-2017-12069 // 
            
            
            
            BID: 100559 // 
            
            
            
            JVNDB: JVNDB-2017-008019 // 
            
            
            
            CNNVD: CNNVD-201708-1273 // 
            
            
            
            NVD: CVE-2017-12069

REFERENCES
url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-535640.pdf
Trust: 1.8
url:https://opcfoundation-onlineapplications.org/faq/securitybulletins/opc_foundation_security_bulletin_cve-2017-12069.pdf
Trust: 1.5
url:http://www.securityfocus.com/bid/100559
Trust: 1.2
url:http://www.securitytracker.com/id/1039510
Trust: 1.2
url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-01
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12069
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-17-243-01b
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12069
Trust: 0.8
url:https://support.industry.siemens.com/cs/ww/en/view/109746038
Trust: 0.6
url:https://support.industry.siemens.com/cs/ww/en/view/109746276
Trust: 0.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-17-243-01-0
Trust: 0.6
url:http://subscriber.communications.siemens.com/
Trust: 0.3
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=500633095
Trust: 0.3
url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=499356993
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/611.html
Trust: 0.1
url:https://tools.cisco.com/security/center/viewalert.x?alertid=55504
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.cisa.gov/uscert/ics/advisories/icsa-17-243-01-0
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24363 // 
            
            
            
            VULHUB: VHN-102554 // 
            
            
            
            VULMON: CVE-2017-12069 // 
            
            
            
            BID: 100559 // 
            
            
            
            JVNDB: JVNDB-2017-008019 // 
            
            
            
            CNNVD: CNNVD-201708-1273 // 
            
            
            
            NVD: CVE-2017-12069

CREDITS
Sergey Temnikov of Kaspersky Lab.
Trust: 0.3
sources:
            
            
            BID: 100559

SOURCES
db:IVDid:e3c681f4-90be-4763-9ea0-9bf8b55433bb
db:CNVDid:CNVD-2017-24363
db:VULHUBid:VHN-102554
db:VULMONid:CVE-2017-12069
db:BIDid:100559
db:JVNDBid:JVNDB-2017-008019
db:CNNVDid:CNNVD-201708-1273
db:NVDid:CVE-2017-12069

LAST UPDATE DATE
2024-08-14T14:57:37.273000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-24363date:2019-08-28T00:00:00
db:VULHUBid:VHN-102554date:2017-10-06T00:00:00
db:VULMONid:CVE-2017-12069date:2017-10-06T00:00:00
db:BIDid:100559date:2018-10-12T04:00:00
db:JVNDBid:JVNDB-2017-008019date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201708-1273date:2020-08-12T00:00:00
db:NVDid:CVE-2017-12069date:2017-10-06T01:29:00.443

SOURCES RELEASE DATE
db:IVDid:e3c681f4-90be-4763-9ea0-9bf8b55433bbdate:2017-09-02T00:00:00
db:CNVDid:CNVD-2017-24363date:2017-09-01T00:00:00
db:VULHUBid:VHN-102554date:2017-08-30T00:00:00
db:VULMONid:CVE-2017-12069date:2017-08-30T00:00:00
db:BIDid:100559date:2017-08-31T00:00:00
db:JVNDBid:JVNDB-2017-008019date:2017-10-05T00:00:00
db:CNNVDid:CNNVD-201708-1273date:2017-08-30T00:00:00
db:NVDid:CVE-2017-12069date:2017-08-30T19:29:00.210