ID

VAR-201812-0341


CVE

CVE-2018-13804


TITLE

plural SIMATIC Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014497

DESCRIPTION

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known. SIMATIC IT LMS , SIMATIC IT Production Suite , SIMATIC IT UA Discrete Manufacturing Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC IT LMS is a line monitoring system for overall equipment performance (OEE). The SIMATIC IT Production Suite is a factory production management suite. This may aid in further attacks. # ICS Advisory (ICSA-18-317-07) ## Siemens SIMATIC IT Production Suite Original release date: November 13, 2018 [Print Document](javascript:window.print\(\);) [Tweet](https://twitter.com/share?url=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) [Like Me](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) [Share](http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus- cert.cisa.gov%2Fics%2Fadvisories%2FICSA-18-317-07) ### Legal Notice All information products included in [https://us-cert.gov/ics](/ics) are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information..

Trust: 2.7

sources: NVD: CVE-2018-13804 // JVNDB: JVNDB-2018-014497 // CNVD: CNVD-2018-25912 // BID: 105924 // IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // VULHUB: VHN-123900

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // CNVD: CNVD-2018-25912

AFFECTED PRODUCTS

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:2.3

Trust: 1.1

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:v2.4

Trust: 1.0

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:v1.3

Trust: 1.0

vendor:siemensmodel:simatic it production suitescope:eqversion:v7.1

Trust: 1.0

vendor:siemensmodel:simatic it line monitoring systemscope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic it ua discrete manufacturingscope:lteversion:v1.2

Trust: 1.0

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:v2.3

Trust: 1.0

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:2.4

Trust: 0.8

vendor:siemensmodel:simatic it lmsscope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic it ua discrete manufacturingscope:eqversion:1.3

Trust: 0.8

vendor:siemensmodel:simatic it production suitescope:eqversion:7.1 upd3

Trust: 0.8

vendor:siemensmodel:simatic it ua discrete manufacturingscope:lteversion:1.2 and earlier

Trust: 0.8

vendor:siemensmodel:simatic it production suitescope:ltversion:7.1

Trust: 0.8

vendor:siemensmodel:simatic it lms allscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic it ua discrete manufacturingscope:ltversion:2.4

Trust: 0.6

vendor:siemensmodel:simatic it production suite upd3scope:eqversion:7.1.*<7.1

Trust: 0.6

vendor:siemensmodel:simatic it production suitescope:eqversion:7.1

Trust: 0.3

vendor:siemensmodel:simatic it production suitescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic it lmsscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:telecontrol server basicscope:neversion:3.1

Trust: 0.3

vendor:siemensmodel:simatic it ua discrete manufacturingscope:neversion:2.4

Trust: 0.3

vendor:siemensmodel:simatic it production suite upd3scope:neversion:7.1

Trust: 0.3

vendor:simatic it line monitoring systemmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic it production suitemodel: - scope:eqversion:v7.1

Trust: 0.2

vendor:simatic it ua discrete manufacturingmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic it ua discrete manufacturingmodel: - scope:eqversion:v1.3

Trust: 0.2

vendor:simatic it ua discrete manufacturingmodel: - scope:eqversion:v2.3

Trust: 0.2

vendor:simatic it ua discrete manufacturingmodel: - scope:eqversion:v2.4

Trust: 0.2

sources: IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // CNVD: CNVD-2018-25912 // BID: 105924 // JVNDB: JVNDB-2018-014497 // NVD: CVE-2018-13804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13804
value: HIGH

Trust: 1.0

NVD: CVE-2018-13804
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-25912
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-484
value: HIGH

Trust: 0.6

IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-123900
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-13804
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-25912
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-123900
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13804
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // CNVD: CNVD-2018-25912 // VULHUB: VHN-123900 // JVNDB: JVNDB-2018-014497 // CNNVD: CNNVD-201811-484 // NVD: CVE-2018-13804

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-123900 // JVNDB: JVNDB-2018-014497 // NVD: CVE-2018-13804

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-484

TYPE

Access control error

Trust: 0.8

sources: IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // CNNVD: CNNVD-201811-484

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014497

PATCH

title:SSA-886615url:https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf

Trust: 0.8

title:Patch for Siemens SIMATIC IT LMS, SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing Authorization Issue Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/147647

Trust: 0.6

title:Siemens SIMATIC IT LMS , SIMATIC IT Production Suite and SIMATIC IT UA Discrete Manufacturing Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86885

Trust: 0.6

sources: CNVD: CNVD-2018-25912 // JVNDB: JVNDB-2018-014497 // CNNVD: CNNVD-201811-484

EXTERNAL IDS

db:NVDid:CVE-2018-13804

Trust: 3.6

db:BIDid:105924

Trust: 2.0

db:ICS CERTid:ICSA-18-317-07

Trust: 1.7

db:SIEMENSid:SSA-886615

Trust: 1.7

db:CNVDid:CNVD-2018-25912

Trust: 0.8

db:CNNVDid:CNNVD-201811-484

Trust: 0.8

db:JVNDBid:JVNDB-2018-014497

Trust: 0.8

db:IVDid:7D82D140-463F-11E9-9D7D-000C29342CB1

Trust: 0.2

db:SEEBUGid:SSVID-98857

Trust: 0.1

db:VULHUBid:VHN-123900

Trust: 0.1

sources: IVD: 7d82d140-463f-11e9-9d7d-000c29342cb1 // CNVD: CNVD-2018-25912 // VULHUB: VHN-123900 // BID: 105924 // JVNDB: JVNDB-2018-014497 // CNNVD: CNNVD-201811-484 // NVD: CVE-2018-13804

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-317-07

Trust: 1.7

url:http://www.securityfocus.com/bid/105924

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-886615.pdf

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13804

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-13804

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2018-25912 // VULHUB: VHN-123900 // BID: 105924 // JVNDB: JVNDB-2018-014497 // CNNVD: CNNVD-201811-484 // NVD: CVE-2018-13804

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105924

SOURCES

db:IVDid:7d82d140-463f-11e9-9d7d-000c29342cb1
db:CNVDid:CNVD-2018-25912
db:VULHUBid:VHN-123900
db:BIDid:105924
db:JVNDBid:JVNDB-2018-014497
db:CNNVDid:CNNVD-201811-484
db:NVDid:CVE-2018-13804

LAST UPDATE DATE

2024-08-14T13:55:40.457000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-25912date:2018-12-20T00:00:00
db:VULHUBid:VHN-123900date:2019-10-09T00:00:00
db:BIDid:105924date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014497date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201811-484date:2019-10-17T00:00:00
db:NVDid:CVE-2018-13804date:2019-10-09T23:34:32.683

SOURCES RELEASE DATE

db:IVDid:7d82d140-463f-11e9-9d7d-000c29342cb1date:2018-12-20T00:00:00
db:CNVDid:CNVD-2018-25912date:2018-12-20T00:00:00
db:VULHUBid:VHN-123900date:2018-12-13T00:00:00
db:BIDid:105924date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-014497date:2019-03-25T00:00:00
db:CNNVDid:CNNVD-201811-484date:2018-11-15T00:00:00
db:NVDid:CVE-2018-13804date:2018-12-13T16:29:00.210