ID

VAR-201809-0289


CVE

CVE-2018-13799


TITLE

SIMATIC WinCC OA Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011290

DESCRIPTION

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC WinCC OA contains an access control vulnerability. Information may be tampered with and service operations may be disrupted (DoS). The client-server HMI (Human Machine Interface) system SIMATIC WinCC Open Architecture (OA) is part of the SIMATIC HMI family. It is designed for applications that require a high degree of customer-specific adaptation, large or complex applications, and projects that impose specific system requirements or functionality. A privilege elevation vulnerability exists in SIMATIC WinCC OA V3.14 and earlier, allowing unauthenticated remote users to escalate their privileges in the context of SIMATIC WinCC OA V3.14. Siemens SIMATIC WinCC OA is prone to an access-bypass vulnerability. An attacker can exploit this issue to gain elevated privileges. Siemens SIMATIC WinCC OA (Open Architecture) is a SCADA system from Siemens of Germany and an integral part of the HMI series. The system is mainly used in industries such as rail transit, building automation and public power supply.

Trust: 2.7

sources: NVD: CVE-2018-13799 // JVNDB: JVNDB-2018-011290 // CNVD: CNVD-2018-18613 // BID: 105332 // IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // VULHUB: VHN-123894

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // CNVD: CNVD-2018-18613

AFFECTED PRODUCTS

vendor: siemens | model: simatic wincc open architecture | scope: lte | version: 3.14

Trust: 1.0

vendor: siemens | model: wincc oa | scope: lte | version: <=v3.14

Trust: 0.8

vendor: siemens | model: simatic wincc oa | scope: lt | version: 3.14-p021

Trust: 0.8

vendor: siemens | model: simatic wincc open architecture | scope: eq | version: 3.14

Trust: 0.6

vendor: siemens | model: simatic wincc oa | scope: eq | version: 3.8

Trust: 0.3

vendor: siemens | model: simatic wincc oa | scope: eq | version: 3.14

Trust: 0.3

vendor: siemens | model: simatic wincc oa p002 | scope: eq | version: 3.12

Trust: 0.3

vendor: siemens | model: simatic wincc oa | scope: eq | version: 3.12

Trust: 0.3

vendor: siemens | model: simatic wincc oa 3.14-p021 | scope: ne | version: -

Trust: 0.3

sources: IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // CNVD: CNVD-2018-18613 // BID: 105332 // JVNDB: JVNDB-2018-011290 // CNNVD: CNNVD-201809-573 // NVD: CVE-2018-13799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13799
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-13799
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-18613
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-573
value: CRITICAL

Trust: 0.6

IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-123894
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13799
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-18613
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-123894
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13799
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // CNVD: CNVD-2018-18613 // VULHUB: VHN-123894 // JVNDB: JVNDB-2018-011290 // CNNVD: CNNVD-201809-573 // NVD: CVE-2018-13799

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-123894 // JVNDB: JVNDB-2018-011290 // NVD: CVE-2018-13799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-573

TYPE

Access control error

Trust: 0.8

sources: IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // CNNVD: CNNVD-201809-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011290

PATCH

title: SSA-346256 | url: https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

Trust: 0.8

title: Patch for SIMATIC WinCC OA privilege escalation vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/140015

Trust: 0.6

title: Siemens SIMATIC WinCC OA Fixes for access control error vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84840

Trust: 0.6

sources: CNVD: CNVD-2018-18613 // JVNDB: JVNDB-2018-011290 // CNNVD: CNNVD-201809-573

EXTERNAL IDS

db: NVD | id: CVE-2018-13799

Trust: 3.6

db: SIEMENS | id: SSA-346256

Trust: 2.3

db: BID | id: 105332

Trust: 2.0

db: ICS CERT | id: ICSA-18-254-04

Trust: 1.1

db: CNNVD | id: CNNVD-201809-573

Trust: 0.9

db: CNVD | id: CNVD-2018-18613

Trust: 0.8

db: JVNDB | id: JVNDB-2018-011290

Trust: 0.8

db: IVD | id: E2FA34F0-39AB-11E9-96C7-000C29342CB1

Trust: 0.2

db: SEEBUG | id: SSVID-98899

Trust: 0.1

db: VULHUB | id: VHN-123894

Trust: 0.1

sources: IVD: e2fa34f0-39ab-11e9-96c7-000c29342cb1 // CNVD: CNVD-2018-18613 // VULHUB: VHN-123894 // BID: 105332 // JVNDB: JVNDB-2018-011290 // CNNVD: CNNVD-201809-573 // NVD: CVE-2018-13799

REFERENCES

url:http://www.securityfocus.com/bid/105332

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-254-04

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13799

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13799

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/txt/ssa-346256.txt

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-18613 // VULHUB: VHN-123894 // BID: 105332 // JVNDB: JVNDB-2018-011290 // CNNVD: CNNVD-201809-573 // NVD: CVE-2018-13799

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105332

SOURCES

db: IVD | id: e2fa34f0-39ab-11e9-96c7-000c29342cb1
db: CNVD | id: CNVD-2018-18613
db: VULHUB | id: VHN-123894
db: BID | id: 105332
db: JVNDB | id: JVNDB-2018-011290
db: CNNVD | id: CNNVD-201809-573
db: NVD | id: CVE-2018-13799

LAST UPDATE DATE

2024-08-14T15:07:53.340000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2018-18613 | date: 2018-09-13T00:00:00
db: VULHUB | id: VHN-123894 | date: 2019-10-09T00:00:00
db: BID | id: 105332 | date: 2018-09-11T00:00:00
db: JVNDB | id: JVNDB-2018-011290 | date: 2019-01-09T00:00:00
db: CNNVD | id: CNNVD-201809-573 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2018-13799 | date: 2019-10-09T23:34:31.967

SOURCES RELEASE DATE

db: IVD | id: e2fa34f0-39ab-11e9-96c7-000c29342cb1 | date: 2018-09-13T00:00:00
db: CNVD | id: CNVD-2018-18613 | date: 2018-09-13T00:00:00
db: VULHUB | id: VHN-123894 | date: 2018-09-12T00:00:00
db: BID | id: 105332 | date: 2018-09-11T00:00:00
db: JVNDB | id: JVNDB-2018-011290 | date: 2019-01-09T00:00:00
db: CNNVD | id: CNNVD-201809-573 | date: 2018-09-13T00:00:00
db: NVD | id: CVE-2018-13799 | date: 2018-09-12T13:29:00.907