ID

VAR-201711-1076


CVE

CVE-2017-14023


TITLE

Siemens SIMATIC PCS 7 Denial of service vulnerability

Trust: 0.8

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // CNVD: CNVD-2017-32563

DESCRIPTION

An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. SIMATIC PCS 7 is a set of distributed process control systems using WinCC from Siemens AG, Germany. Siemens SIMATIC PCS 7 is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2017-14023 // JVNDB: JVNDB-2017-009948 // CNVD: CNVD-2017-32563 // BID: 101680 // IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // VULHUB: VHN-104704

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // CNVD: CNVD-2017-32563

AFFECTED PRODUCTS

vendor:siemensmodel:simatic pcs7scope:eqversion:8.2

Trust: 1.9

vendor:siemensmodel:simatic pcs7scope:eqversion:8.1

Trust: 1.3

vendor:siemensmodel:simatic winccscope:eqversion:7.3

Trust: 1.0

vendor:siemensmodel:simatic pcs 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic pcs sp1scope:eqversion:7v8.1<v8.1

Trust: 0.6

vendor:siemensmodel:simatic pcs updscope:eqversion:7v7.313

Trust: 0.6

vendor:siemensmodel:simatic pcsscope:eqversion:7v8.2

Trust: 0.6

vendor:siemensmodel:simatic wincc updatescope:neversion:7.313

Trust: 0.3

vendor:siemensmodel:simatic pcs7 sp1scope:neversion:8.1

Trust: 0.3

vendor:siemensmodel:simatic pcs siemens simatic pcs upd 13siemens simatic pcsscope:eqversion:7v8.17v7.37v8.2

Trust: 0.2

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // CNVD: CNVD-2017-32563 // BID: 101680 // JVNDB: JVNDB-2017-009948 // CNNVD: CNNVD-201708-1252 // NVD: CVE-2017-14023

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14023
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14023
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-32563
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-1252
value: MEDIUM

Trust: 0.6

IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12
value: MEDIUM

Trust: 0.2

VULHUB: VHN-104704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14023
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32563
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-104704
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14023
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-14023
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // CNVD: CNVD-2017-32563 // VULHUB: VHN-104704 // JVNDB: JVNDB-2017-009948 // CNNVD: CNNVD-201708-1252 // NVD: CVE-2017-14023

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-104704 // JVNDB: JVNDB-2017-009948 // NVD: CVE-2017-14023

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1252

TYPE

Input validation error

Trust: 1.1

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // BID: 101680 // CNNVD: CNNVD-201708-1252

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009948

PATCH

title:SSA-523365url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-523365.pdf

Trust: 0.8

title:Siemens SIMATIC PCS 7 patch for denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105313

Trust: 0.6

title:Siemens SIMATIC PCS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100013

Trust: 0.6

sources: CNVD: CNVD-2017-32563 // JVNDB: JVNDB-2017-009948 // CNNVD: CNNVD-201708-1252

EXTERNAL IDS

db:NVDid:CVE-2017-14023

Trust: 3.6

db:ICS CERTid:ICSA-17-306-01

Trust: 3.4

db:BIDid:101680

Trust: 2.0

db:SECTRACKid:1039729

Trust: 1.7

db:CNNVDid:CNNVD-201708-1252

Trust: 0.9

db:CNVDid:CNVD-2017-32563

Trust: 0.8

db:JVNDBid:JVNDB-2017-009948

Trust: 0.8

db:IVDid:0FE3415C-AF39-4C5B-A5D8-06FF8B01DB12

Trust: 0.2

db:VULHUBid:VHN-104704

Trust: 0.1

sources: IVD: 0fe3415c-af39-4c5b-a5d8-06ff8b01db12 // CNVD: CNVD-2017-32563 // VULHUB: VHN-104704 // BID: 101680 // JVNDB: JVNDB-2017-009948 // CNNVD: CNNVD-201708-1252 // NVD: CVE-2017-14023

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-306-01

Trust: 3.4

url:http://www.securityfocus.com/bid/101680

Trust: 1.7

url:http://www.securitytracker.com/id/1039729

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14023

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14023

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32563 // VULHUB: VHN-104704 // BID: 101680 // JVNDB: JVNDB-2017-009948 // CNNVD: CNNVD-201708-1252 // NVD: CVE-2017-14023

CREDITS

Sergey Temnikov and Vladimir Dashchenko of Kaspersky Labs.

Trust: 0.3

sources: BID: 101680

SOURCES

db:IVDid:0fe3415c-af39-4c5b-a5d8-06ff8b01db12
db:CNVDid:CNVD-2017-32563
db:VULHUBid:VHN-104704
db:BIDid:101680
db:JVNDBid:JVNDB-2017-009948
db:CNNVDid:CNNVD-201708-1252
db:NVDid:CVE-2017-14023

LAST UPDATE DATE

2024-08-14T13:56:21.084000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-32563date:2017-11-03T00:00:00
db:VULHUBid:VHN-104704date:2021-11-15T00:00:00
db:BIDid:101680date:2017-12-19T22:00:00
db:JVNDBid:JVNDB-2017-009948date:2017-11-29T00:00:00
db:CNNVDid:CNNVD-201708-1252date:2019-10-17T00:00:00
db:NVDid:CVE-2017-14023date:2021-11-15T19:49:09.827

SOURCES RELEASE DATE

db:IVDid:0fe3415c-af39-4c5b-a5d8-06ff8b01db12date:2017-11-03T00:00:00
db:CNVDid:CNVD-2017-32563date:2017-11-03T00:00:00
db:VULHUBid:VHN-104704date:2017-11-06T00:00:00
db:BIDid:101680date:2017-11-02T00:00:00
db:JVNDBid:JVNDB-2017-009948date:2017-11-29T00:00:00
db:CNNVDid:CNNVD-201708-1252date:2017-08-31T00:00:00
db:NVDid:CVE-2017-14023date:2017-11-06T22:29:00.270