Details of VAR-201905-0115

ID

VAR-201905-0115

CVE

CVE-2019-6577

TITLE

plural SIMATIC Product cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004634

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known. plural SIMATIC The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Siemens Products are prone to following security vulnerabilities: 1. An information-disclosure vulnerability 2. A cross-site-scripting vulnerability 3. A security vulnerability An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Siemens SIMATIC WinCC, etc. are all products of Siemens (Siemens) in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of correct validation of client data in WEB applications

Trust: 1.98

sources: NVD: CVE-2019-6577 // JVNDB: JVNDB-2019-004634 // BID: 108412 // VULHUB: VHN-158012

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc \	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp400f	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp900f	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi mp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic wincc runtime	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi comfort panels	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi comfort outdoor panels	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp900	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp700	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi op	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp700f	scope:	lt	version:	15.1	Trust: 1.0
vendor:	siemens	model:	simatic hmi tp	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	simatic hmi comfort outdoor panels	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi comfort panels	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp400f	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp700	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp700f	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp900	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic hmi ktp mobile panels ktp900f	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime professional	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	15.1	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional	scope:	eq	version:	15	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	eq	version:	15.1	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	eq	version:	15	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v15.1	Trust: 0.3
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v15	Trust: 0.3
vendor:	siemens	model:	simatic hmi ktp mobile panels	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort panels	scope:	eq	version:	15.1	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort panels	scope:	eq	version:	15	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort outdoor panels	scope:	eq	version:	15.1	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort outdoor panels	scope:	eq	version:	15	Trust: 0.3
vendor:	siemens	model:	simatic hmi classic devices	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime professional update	scope:	ne	version:	v15.11	Trust: 0.3
vendor:	siemens	model:	simatic wincc runtime advanced update	scope:	ne	version:	15.11	Trust: 0.3
vendor:	siemens	model:	simatic wincc update	scope:	ne	version:	v15.11	Trust: 0.3
vendor:	siemens	model:	simatic hmi ktp mobile update	scope:	ne	version:	15.11	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort panels update	scope:	ne	version:	15.11	Trust: 0.3
vendor:	siemens	model:	simatic hmi comfort outdoor panels update	scope:	ne	version:	15.11	Trust: 0.3

sources: BID: 108412 // JVNDB: JVNDB-2019-004634 // NVD: CVE-2019-6577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6577
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6577
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201905-588
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158012
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6577
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-158012
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6577
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-158012 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.9
problemtype:	CWE-80	Trust: 1.0

sources: VULHUB: VHN-158012 // JVNDB: JVNDB-2019-004634 // NVD: CVE-2019-6577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004634

PATCH

title:	SSA-804486	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf	Trust: 0.8
title:	Siemens SIMATIC Panels and WinCC Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92738	Trust: 0.6

sources: JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6577	Trust: 2.8
db:	ICS CERT	id:	ICSA-19-134-09	Trust: 2.8
db:	BID	id:	108412	Trust: 2.0
db:	SIEMENS	id:	SSA-804486	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-004634	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-588	Trust: 0.7
db:	ICS CERT	id:	ICSA-19-134-02	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1716.2	Trust: 0.6
db:	CNVD	id:	CNVD-2021-54365	Trust: 0.1
db:	VULHUB	id:	VHN-158012	Trust: 0.1

sources: VULHUB: VHN-158012 // BID: 108412 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

REFERENCES

url:	http://www.securityfocus.com/bid/108412	Trust: 2.3
url:	https://www.us-cert.gov/ics/advisories/icsa-19-134-09	Trust: 1.9
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6577	Trust: 1.4
url:	http://subscriber.communications.siemens.com/	Trust: 0.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-09	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6577	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0	Trust: 0.6
url:	https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/80946	Trust: 0.6

sources: VULHUB: VHN-158012 // BID: 108412 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

SOURCES

db:	VULHUB	id:	VHN-158012
db:	BID	id:	108412
db:	JVNDB	id:	JVNDB-2019-004634
db:	CNNVD	id:	CNNVD-201905-588
db:	NVD	id:	CVE-2019-6577

LAST UPDATE DATE

2024-08-14T13:26:21.741000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158012	date:	2019-05-22T00:00:00
db:	BID	id:	108412	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004634	date:	2019-07-09T00:00:00
db:	CNNVD	id:	CNNVD-201905-588	date:	2019-05-23T00:00:00
db:	NVD	id:	CVE-2019-6577	date:	2019-05-22T16:29:01.823

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158012	date:	2019-05-14T00:00:00
db:	BID	id:	108412	date:	2019-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-004634	date:	2019-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201905-588	date:	2019-05-14T00:00:00
db:	NVD	id:	CVE-2019-6577	date:	2019-05-14T20:29:04.623