Sign-up

ID

VAR-201708-1519


CVE

CVE-2017-9942


TITLE

Siemens SiPass integrated Credential acquisition vulnerability

Trust: 0.8

sources: IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // CNVD: CNVD-2017-14601

DESCRIPTION

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with local access to the SiPass integrated server or SiPass integrated client to potentially obtain credentials from the systems. Siemens SiPass integrated Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SiPass server is a component of the SiPass centralized access control system that receives the client's connection for communication. Siemens SiPass integrated is prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability 2. A privilege-escalation vulnerability 3. A man-in-the-middle security bypass vulnerability 4. An information-disclosure vulnerability An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions by conducting a man-in-the-middle attack, gain unauthorized access or elevated privileges. Versions prior to SiPass integrated 2.70 are vulnerable. An attacker could exploit this vulnerability to obtain certificates on the system

Trust: 2.7

sources: NVD: CVE-2017-9942 // JVNDB: JVNDB-2017-006974 // CNVD: CNVD-2017-14601 // BID: 99578 // IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // VULHUB: VHN-118145

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // CNVD: CNVD-2017-14601

AFFECTED PRODUCTS

vendor:siemensmodel:sipass integratedscope:lteversion:2.65

Trust: 1.0

vendor:siemensmodel:sipass integratedscope:eqversion:2.70

Trust: 0.8

vendor:siemensmodel:sipass integratedscope:ltversion:2.70

Trust: 0.6

vendor:siemensmodel:sipass integratedscope:eqversion:2.65

Trust: 0.6

vendor:siemensmodel:sipass integrated mp2.6scope: - version: -

Trust: 0.3

vendor:siemensmodel:sipass integrated mp2.5scope: - version: -

Trust: 0.3

vendor:siemensmodel:sipass integrated mp2.4scope: - version: -

Trust: 0.3

vendor:siemensmodel:sipass integratedscope:neversion:2.70

Trust: 0.3

vendor:sipass integratedmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // CNVD: CNVD-2017-14601 // BID: 99578 // JVNDB: JVNDB-2017-006974 // CNNVD: CNNVD-201707-604 // NVD: CVE-2017-9942

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9942
value: HIGH

Trust: 1.0

NVD: CVE-2017-9942
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-14601
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-604
value: HIGH

Trust: 0.6

IVD: 47137c94-f064-4aa1-96c4-9cad2593f752
value: HIGH

Trust: 0.2

VULHUB: VHN-118145
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-9942
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-14601
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 47137c94-f064-4aa1-96c4-9cad2593f752
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-118145
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9942
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // CNVD: CNVD-2017-14601 // VULHUB: VHN-118145 // JVNDB: JVNDB-2017-006974 // CNNVD: CNNVD-201707-604 // NVD: CVE-2017-9942

PROBLEMTYPE DATA

problemtype:CWE-257

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-118145 // JVNDB: JVNDB-2017-006974 // NVD: CVE-2017-9942

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201707-604

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-604

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006974

PATCH
title:SSA-339433url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf
Trust: 0.8
title:Siemens SiPass integrated credentials to obtain patches for vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/98174
Trust: 0.6
title:Siemens SiPass integrated Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71718
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-14601 // 
            
            
            
            JVNDB: JVNDB-2017-006974 // 
            
            
            
            CNNVD: CNNVD-201707-604

EXTERNAL IDS
db:NVDid:CVE-2017-9942
Trust: 3.6
db:SIEMENSid:SSA-339433
Trust: 2.6
db:BIDid:99578
Trust: 2.0
db:CNVDid:CNVD-2017-14601
Trust: 0.8
db:CNNVDid:CNNVD-201707-604
Trust: 0.8
db:JVNDBid:JVNDB-2017-006974
Trust: 0.8
db:ICS CERTid:ICSA-17-194-01
Trust: 0.3
db:IVDid:47137C94-F064-4AA1-96C4-9CAD2593F752
Trust: 0.2
db:VULHUBid:VHN-118145
Trust: 0.1
sources:
            
            
            IVD: 47137c94-f064-4aa1-96c4-9cad2593f752 // 
            
            
            
            CNVD: CNVD-2017-14601 // 
            
            
            
            VULHUB: VHN-118145 // 
            
            
            
            BID: 99578 // 
            
            
            
            JVNDB: JVNDB-2017-006974 // 
            
            
            
            CNNVD: CNNVD-201707-604 // 
            
            
            
            NVD: CVE-2017-9942

REFERENCES
url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf
Trust: 2.6
url:http://www.securityfocus.com/bid/99578
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9942
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9942
Trust: 0.8
url:http://subscriber.communications.siemens.com/
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-194-01
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-14601 // 
            
            
            
            VULHUB: VHN-118145 // 
            
            
            
            BID: 99578 // 
            
            
            
            JVNDB: JVNDB-2017-006974 // 
            
            
            
            CNNVD: CNNVD-201707-604 // 
            
            
            
            NVD: CVE-2017-9942

CREDITS
Siemens
Trust: 0.3
sources:
            
            
            BID: 99578

SOURCES
db:IVDid:47137c94-f064-4aa1-96c4-9cad2593f752
db:CNVDid:CNVD-2017-14601
db:VULHUBid:VHN-118145
db:BIDid:99578
db:JVNDBid:JVNDB-2017-006974
db:CNNVDid:CNNVD-201707-604
db:NVDid:CVE-2017-9942

LAST UPDATE DATE
2024-11-23T21:53:48.740000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-14601date:2017-07-15T00:00:00
db:VULHUBid:VHN-118145date:2019-10-09T00:00:00
db:BIDid:99578date:2017-07-13T00:00:00
db:JVNDBid:JVNDB-2017-006974date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-604date:2019-10-17T00:00:00
db:NVDid:CVE-2017-9942date:2024-11-21T03:37:13.413

SOURCES RELEASE DATE
db:IVDid:47137c94-f064-4aa1-96c4-9cad2593f752date:2017-07-15T00:00:00
db:CNVDid:CNVD-2017-14601date:2017-07-15T00:00:00
db:VULHUBid:VHN-118145date:2017-08-08T00:00:00
db:BIDid:99578date:2017-07-13T00:00:00
db:JVNDBid:JVNDB-2017-006974date:2017-09-07T00:00:00
db:CNNVDid:CNNVD-201707-604date:2017-07-14T00:00:00
db:NVDid:CVE-2017-9942date:2017-08-08T00:29:00.477