ID

VAR-201905-0115


CVE

CVE-2019-6577


TITLE

Cross-site scripting vulnerability in multiple SIMATIC products

Trust: 0.8

sources: JVNDB: JVNDB-2019-004634

DESCRIPTION

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1 Update 1), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15.1 Update 1), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Update 1), SIMATIC WinCC Runtime Professional (All versions < V15.1 Update 1), SIMATIC WinCC (TIA Portal) (All versions < V15.1 Update 1), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify particular parts of the device configuration via SNMP. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires system privileges and user interaction. An attacker could use the vulnerability to compromise confidentiality and the integrity of the affected system. At the stage of publishing this security advisory no public exploitation is known.

Multiple SIMATIC products contain a cross-site scripting vulnerability. Information may be obtained and information may be altered.

Multiple Siemens products are prone to the following security vulnerabilities:

1. An information-disclosure vulnerability
2. A cross-site-scripting vulnerability
3. A security vulnerability

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Siemens SIMATIC WinCC and the other affected products are all products of Siemens in Germany. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. Siemens SIMATIC HMI Comfort Panels is a touch panel device. Siemens SIMATIC HMI Comfort Outdoor Panels is a touch panel device specially designed for outdoor use. The vulnerability stems from the lack of correct validation of client data in web applications.

Trust: 1.98

sources: NVD: CVE-2019-6577 // JVNDB: JVNDB-2019-004634 // BID: 108412 // VULHUB: VHN-158012

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc \, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp400f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp900f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi mp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic wincc runtime, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi comfort panels, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp900, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp700, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi op, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi ktp mobile panels ktp700f, scope: lt, version: 15.1

Trust: 1.0

vendor: siemens, model: simatic hmi tp, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi comfort panels, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp400f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp700, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp700f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp900, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic hmi ktp mobile panels ktp900f, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime advanced, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic wincc, scope: eq, version: v15.1

Trust: 0.3

vendor: siemens, model: simatic wincc, scope: eq, version: v15

Trust: 0.3

vendor: siemens, model: simatic hmi ktp mobile panels, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: eq, version: 15.1

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels, scope: eq, version: 15

Trust: 0.3

vendor: siemens, model: simatic hmi classic devices, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic wincc runtime professional update, scope: ne, version: v15.11

Trust: 0.3

vendor: siemens, model: simatic wincc runtime advanced update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic wincc update, scope: ne, version: v15.11

Trust: 0.3

vendor: siemens, model: simatic hmi ktp mobile update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic hmi comfort panels update, scope: ne, version: 15.11

Trust: 0.3

vendor: siemens, model: simatic hmi comfort outdoor panels update, scope: ne, version: 15.11

Trust: 0.3

sources: BID: 108412 // JVNDB: JVNDB-2019-004634 // NVD: CVE-2019-6577

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-6577
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6577
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-588
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158012
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-6577
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-158012
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-6577
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-158012 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

problemtype:CWE-80

Trust: 1.0

sources: VULHUB: VHN-158012 // JVNDB: JVNDB-2019-004634 // NVD: CVE-2019-6577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004634

PATCH

title: SSA-804486, url: https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 0.8

title: Siemens SIMATIC Panels and WinCC Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92738

Trust: 0.6

sources: JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588

EXTERNAL IDS

db: NVD, id: CVE-2019-6577

Trust: 2.8

db: ICS CERT, id: ICSA-19-134-09

Trust: 2.8

db: BID, id: 108412

Trust: 2.0

db: SIEMENS, id: SSA-804486

Trust: 1.7

db: JVNDB, id: JVNDB-2019-004634

Trust: 0.8

db: CNNVD, id: CNNVD-201905-588

Trust: 0.7

db: ICS CERT, id: ICSA-19-134-02

Trust: 0.6

db: AUSCERT, id: ESB-2019.1716.2

Trust: 0.6

db: CNVD, id: CNVD-2021-54365

Trust: 0.1

db: VULHUB, id: VHN-158012

Trust: 0.1

sources: VULHUB: VHN-158012 // BID: 108412 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

REFERENCES

url:http://www.securityfocus.com/bid/108412

Trust: 2.3

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-09

Trust: 1.9

url:https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-6577

Trust: 1.4

url:http://subscriber.communications.siemens.com/

Trust: 0.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-09

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6577

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://vigilance.fr/vulnerability/simatic-wincc-multiple-vulnerabilities-29288

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

sources: VULHUB: VHN-158012 // BID: 108412 // JVNDB: JVNDB-2019-004634 // CNNVD: CNNVD-201905-588 // NVD: CVE-2019-6577

CREDITS

Siemens ProductCERT reported these vulnerabilities to NCCIC.,Siemens ProductCERT

Trust: 0.6

sources: CNNVD: CNNVD-201905-588

SOURCES

db: VULHUB, id: VHN-158012
db: BID, id: 108412
db: JVNDB, id: JVNDB-2019-004634
db: CNNVD, id: CNNVD-201905-588
db: NVD, id: CVE-2019-6577

LAST UPDATE DATE

2024-08-14T13:26:21.741000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158012, date: 2019-05-22T00:00:00
db: BID, id: 108412, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004634, date: 2019-07-09T00:00:00
db: CNNVD, id: CNNVD-201905-588, date: 2019-05-23T00:00:00
db: NVD, id: CVE-2019-6577, date: 2019-05-22T16:29:01.823

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158012, date: 2019-05-14T00:00:00
db: BID, id: 108412, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004634, date: 2019-06-05T00:00:00
db: CNNVD, id: CNNVD-201905-588, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2019-6577, date: 2019-05-14T20:29:04.623