Details of VAR-201808-0743

ID

VAR-201808-0743

CVE

CVE-2018-11453

TITLE

SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009209

DESCRIPTION

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks

Trust: 2.7

sources: NVD: CVE-2018-11453 // JVNDB: JVNDB-2018-009209 // CNVD: CNVD-2018-19601 // BID: 105115 // IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // VULHUB: VHN-121314

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	14.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	14.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	13.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	15.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	13.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	15.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	12.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	11.0	Trust: 1.6
vendor:	siemens	model:	simatic step 7 \	scope:	eq	version:	10.0	Trust: 1.6
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	12.0	Trust: 1.0
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	10.0	Trust: 1.0
vendor:	siemens	model:	simatic wincc \	scope:	eq	version:	11.0	Trust: 1.0
vendor:	siemens	model:	simatic step 7	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic step	scope:	eq	version:	710	Trust: 0.6
vendor:	siemens	model:	simatic step	scope:	eq	version:	711	Trust: 0.6
vendor:	siemens	model:	simatic step	scope:	eq	version:	712	Trust: 0.6
vendor:	siemens	model:	simatic step	scope:	eq	version:	713	Trust: 0.6
vendor:	siemens	model:	simatic step sp1 update	scope:	eq	version:	714.*<146	Trust: 0.6
vendor:	siemens	model:	simatic step update	scope:	eq	version:	715.*<152	Trust: 0.6
vendor:	siemens	model:	wincc	scope:	eq	version:	10	Trust: 0.6
vendor:	siemens	model:	wincc	scope:	eq	version:	11	Trust: 0.6
vendor:	siemens	model:	wincc	scope:	eq	version:	12	Trust: 0.6
vendor:	siemens	model:	wincc	scope:	eq	version:	13	Trust: 0.6
vendor:	siemens	model:	wincc sp1 update	scope:	eq	version:	14.*<146	Trust: 0.6
vendor:	siemens	model:	wincc update	scope:	eq	version:	15.*<152	Trust: 0.6
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	13.0	Trust: 0.4
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v120	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v110	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v15	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v13	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v11	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v10	Trust: 0.3
vendor:	siemens	model:	simatic step tia portal	scope:	eq	version:	7v14	Trust: 0.3
vendor:	siemens	model:	simatic step tia portal	scope:	eq	version:	7v13	Trust: 0.3
vendor:	siemens	model:	simatic step tia portal	scope:	eq	version:	7v12	Trust: 0.3
vendor:	siemens	model:	simatic step	scope:	eq	version:	7v15	Trust: 0.3
vendor:	siemens	model:	simatic step	scope:	eq	version:	7v11	Trust: 0.3
vendor:	siemens	model:	simatic step	scope:	eq	version:	7v10	Trust: 0.3
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	10.0	Trust: 0.2
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	11.0	Trust: 0.2
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	12.0	Trust: 0.2
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	14.0	Trust: 0.2
vendor:	simatic step 7 tia portal	model:	-	scope:	eq	version:	15.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	10.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	11.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	12.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	13.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	14.0	Trust: 0.2
vendor:	simatic wincc tia portal	model:	-	scope:	eq	version:	15.0	Trust: 0.2

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11453
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11453
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-19601
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-241
value:	HIGH
Trust: 0.6
IVD:	e2fc57cf-39ab-11e9-b215-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-121314
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-11453
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-19601
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fc57cf-39ab-11e9-b215-000c29342cb1
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-121314
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11453
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-276	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-121314 // JVNDB: JVNDB-2018-009209 // NVD: CVE-2018-11453

THREAT TYPE

local

Trust: 0.9

sources: BID: 105115 // CNNVD: CNNVD-201808-241

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009209

PATCH

title:	SSA-979106	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf	Trust: 0.8
title:	Patch for Siemens SIMATIC STEP 7 and WinCC Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/140877	Trust: 0.6
title:	Siemens SIMATIC STEP 7 and WinCC Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83960	Trust: 0.6

sources: CNVD: CNVD-2018-19601 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11453	Trust: 3.6
db:	SIEMENS	id:	SSA-979106	Trust: 2.3
db:	BID	id:	105115	Trust: 2.0
db:	ICS CERT	id:	ICSA-18-226-01	Trust: 1.1
db:	CNNVD	id:	CNNVD-201808-241	Trust: 0.9
db:	CNVD	id:	CNVD-2018-19601	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-009209	Trust: 0.8
db:	IVD	id:	E2FC57CF-39AB-11E9-B215-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-121314	Trust: 0.1

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf	Trust: 2.3
url:	http://www.securityfocus.com/bid/105115	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-226-01	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11453	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11453	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

CREDITS

Younes Dragoni from Nozomi Networks.

Trust: 0.3

sources: BID: 105115

SOURCES

db:	IVD	id:	e2fc57cf-39ab-11e9-b215-000c29342cb1
db:	CNVD	id:	CNVD-2018-19601
db:	VULHUB	id:	VHN-121314
db:	BID	id:	105115
db:	JVNDB	id:	JVNDB-2018-009209
db:	CNNVD	id:	CNNVD-201808-241
db:	NVD	id:	CVE-2018-11453

LAST UPDATE DATE

2024-08-14T14:57:09.488000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-19601	date:	2018-09-21T00:00:00
db:	VULHUB	id:	VHN-121314	date:	2019-10-09T00:00:00
db:	BID	id:	105115	date:	2018-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-009209	date:	2019-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201808-241	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-11453	date:	2019-10-09T23:33:32.137

SOURCES RELEASE DATE

db:	IVD	id:	e2fc57cf-39ab-11e9-b215-000c29342cb1	date:	2018-09-21T00:00:00
db:	CNVD	id:	CNVD-2018-19601	date:	2018-09-21T00:00:00
db:	VULHUB	id:	VHN-121314	date:	2018-08-07T00:00:00
db:	BID	id:	105115	date:	2018-08-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-009209	date:	2018-11-12T00:00:00
db:	CNNVD	id:	CNNVD-201808-241	date:	2018-08-08T00:00:00
db:	NVD	id:	CVE-2018-11453	date:	2018-08-07T15:29:00.247