ID

VAR-201808-0743


CVE

CVE-2018-11453


TITLE

SIMATIC STEP 7 and WinCC Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009209

DESCRIPTION

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. The Portal starts, causing a denial of service or execution of code. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks

Trust: 2.7

sources: NVD: CVE-2018-11453 // JVNDB: JVNDB-2018-009209 // CNVD: CNVD-2018-19601 // BID: 105115 // IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // VULHUB: VHN-121314

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601

AFFECTED PRODUCTS

vendor:siemensmodel:simatic wincc \scope:eqversion:14.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:14.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:15.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:13.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:15.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:12.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:11.0

Trust: 1.6

vendor:siemensmodel:simatic step 7 \scope:eqversion:10.0

Trust: 1.6

vendor:siemensmodel:simatic wincc \scope:eqversion:12.0

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:10.0

Trust: 1.0

vendor:siemensmodel:simatic wincc \scope:eqversion:11.0

Trust: 1.0

vendor:siemensmodel:simatic step 7scope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic stepscope:eqversion:710

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:711

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:712

Trust: 0.6

vendor:siemensmodel:simatic stepscope:eqversion:713

Trust: 0.6

vendor:siemensmodel:simatic step sp1 updatescope:eqversion:714.*<146

Trust: 0.6

vendor:siemensmodel:simatic step updatescope:eqversion:715.*<152

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:10

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:11

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:12

Trust: 0.6

vendor:siemensmodel:winccscope:eqversion:13

Trust: 0.6

vendor:siemensmodel:wincc sp1 updatescope:eqversion:14.*<146

Trust: 0.6

vendor:siemensmodel:wincc updatescope:eqversion:15.*<152

Trust: 0.6

vendor:simatic step 7 tia portalmodel: - scope:eqversion:13.0

Trust: 0.4

vendor:siemensmodel:simatic winccscope:eqversion:v120

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v110

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v15

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v13

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v11

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:v10

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v14

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v13

Trust: 0.3

vendor:siemensmodel:simatic step tia portalscope:eqversion:7v12

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v15

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v11

Trust: 0.3

vendor:siemensmodel:simatic stepscope:eqversion:7v10

Trust: 0.3

vendor:simatic step 7 tia portalmodel: - scope:eqversion:10.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:11.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:12.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic step 7 tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:10.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:11.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:12.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:13.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:14.0

Trust: 0.2

vendor:simatic wincc tia portalmodel: - scope:eqversion:15.0

Trust: 0.2

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11453
value: HIGH

Trust: 1.0

NVD: CVE-2018-11453
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-19601
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201808-241
value: HIGH

Trust: 0.6

IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-121314
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11453
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-19601
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-121314
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11453
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-121314 // JVNDB: JVNDB-2018-009209 // NVD: CVE-2018-11453

THREAT TYPE

local

Trust: 0.9

sources: BID: 105115 // CNNVD: CNNVD-201808-241

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009209

PATCH

title:SSA-979106url:https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC STEP 7 and WinCC Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/140877

Trust: 0.6

title:Siemens SIMATIC STEP 7 and WinCC Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83960

Trust: 0.6

sources: CNVD: CNVD-2018-19601 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241

EXTERNAL IDS

db:NVDid:CVE-2018-11453

Trust: 3.6

db:SIEMENSid:SSA-979106

Trust: 2.3

db:BIDid:105115

Trust: 2.0

db:ICS CERTid:ICSA-18-226-01

Trust: 1.1

db:CNNVDid:CNNVD-201808-241

Trust: 0.9

db:CNVDid:CNVD-2018-19601

Trust: 0.8

db:JVNDBid:JVNDB-2018-009209

Trust: 0.8

db:IVDid:E2FC57CF-39AB-11E9-B215-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-121314

Trust: 0.1

sources: IVD: e2fc57cf-39ab-11e9-b215-000c29342cb1 // CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf

Trust: 2.3

url:http://www.securityfocus.com/bid/105115

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-226-01

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11453

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-11453

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-19601 // VULHUB: VHN-121314 // BID: 105115 // JVNDB: JVNDB-2018-009209 // CNNVD: CNNVD-201808-241 // NVD: CVE-2018-11453

CREDITS

Younes Dragoni from Nozomi Networks.

Trust: 0.3

sources: BID: 105115

SOURCES

db:IVDid:e2fc57cf-39ab-11e9-b215-000c29342cb1
db:CNVDid:CNVD-2018-19601
db:VULHUBid:VHN-121314
db:BIDid:105115
db:JVNDBid:JVNDB-2018-009209
db:CNNVDid:CNNVD-201808-241
db:NVDid:CVE-2018-11453

LAST UPDATE DATE

2024-08-14T14:57:09.488000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-19601date:2018-09-21T00:00:00
db:VULHUBid:VHN-121314date:2019-10-09T00:00:00
db:BIDid:105115date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009209date:2019-01-08T00:00:00
db:CNNVDid:CNNVD-201808-241date:2019-10-17T00:00:00
db:NVDid:CVE-2018-11453date:2019-10-09T23:33:32.137

SOURCES RELEASE DATE

db:IVDid:e2fc57cf-39ab-11e9-b215-000c29342cb1date:2018-09-21T00:00:00
db:CNVDid:CNVD-2018-19601date:2018-09-21T00:00:00
db:VULHUBid:VHN-121314date:2018-08-07T00:00:00
db:BIDid:105115date:2018-08-14T00:00:00
db:JVNDBid:JVNDB-2018-009209date:2018-11-12T00:00:00
db:CNNVDid:CNNVD-201808-241date:2018-08-08T00:00:00
db:NVDid:CVE-2018-11453date:2018-08-07T15:29:00.247